Description
A vulnerability was found in Moodle 3.9 to 3.9.1, 3.8 to 3.8.4 and 3.7 to 3.7.7 where it was possible to include JavaScript in a book's chapter title, which was not escaped on the "Add new chapter" page. This is fixed in 3.9.2, 3.8.5 and 3.7.8.
Remediation
References
Related Vulnerabilities
Joomla! Core 1.6.x Cross-Site Scripting (1.6.0 - 1.6.6)
WordPress Plugin Wordfence Security-Firewall & Malware Scan Cross-Site Scripting (7.6.0)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-4592)
WordPress Plugin FG PrestaShop to WooCommerce Cross-Site Scripting (3.19.1)