Description

It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that if the TeX notation filter was enabled, additional sanitizing of TeX content was required to prevent the risk of stored XSS.

Remediation

References

CVE-2021-20186

Related Vulnerabilities

Chamilo Other Vulnerability (CVE-2023-34962)

Jboss EAP Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2017-12165)

WordPress Plugin iThemes Security (formerly Better WP Security) Multiple Vulnerabilities (3.6.3)

WordPress Plugin Quick Chat Cross-Site Scripting (4.14)

Moodle Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2013-5674)

Severity

Medium

Classification

CVE-2021-20186 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities