Description
In certain Moodle products after creating a course, it is possible to add in a arbitrary "Topic" a resource, in this case a "Database" with the type "Text" where its values "Field name" and "Field description" are vulnerable to Cross Site Scripting Stored(XSS). This affects Moodle 3.11 and Moodle 3.10.4 and Moodle 3.9.7.
Remediation
References
Related Vulnerabilities
WordPress Plugin Startklar Elementor Addons Arbitrary File Upload (1.7.13)
WordPress Plugin Disclosure Policy 'abspath' Parameter Remote File Include (1.0)
WordPress Plugin WordPress Poll Multiple SQL Injection and Security Bypass Vulnerabilities (34.04)
Oracle JRE CVE-2022-21628 Vulnerability (CVE-2022-21628)
WordPress Plugin Social Sharing Toolkit Cross-Site Scripting (2.6)