Description

It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that if the TeX notation filter was enabled, additional sanitizing of TeX content was required to prevent the risk of stored XSS.

Remediation

References

CVE-2021-20186

Related Vulnerabilities

WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Cross-Site Request Forgery (2.0.39)

ownCloud Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-28644)

MySQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-3319)

WordPress Plugin Users Ultra Membership Cross-Site Scripting (1.5.78)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-15110)

Severity

Medium

Classification

CVE-2021-20186 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities