Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-20186)

Description

It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that if the TeX notation filter was enabled, additional sanitizing of TeX content was required to prevent the risk of stored XSS.

Remediation

References

CVE-2021-20186

Related Vulnerabilities

WordPress Plugin mywebcounter Cross-Site Scripting (1.1)

OpenSSL Missing Encryption of Sensitive Data Vulnerability (CVE-2019-1563)

WordPress Plugin RSVPMaker Server-Side Request Forgery (8.7.2)

WebLogic Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2020-7226)

MySQL Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2012-5611)

Severity

Medium

Classification

CVE-2021-20186 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N