Description
In Moodle, it was possible to include JavaScript when re-naming content bank items. Versions affected: 3.9 to 3.9.2. This is fixed in moodle 3.9.3 and 3.10.
Remediation
References
Related Vulnerabilities
WordPress Plugin Newsletter-Send awesome emails from WordPress Cross-Site Scripting (7.8.9)
PHP Out-of-bounds Read Vulnerability (CVE-2026-6104)
WordPress Plugin Modern Events Calendar Arbitrary File Upload (7.11.0)
WordPress Plugin DukaPress Directory Traversal (2.5.2)
WordPress Plugin Web to Print Online Designer Security Bypass (2.3.0)