The site log report required additional encoding of event descriptions to ensure any HTML in the content is displayed in plaintext instead of being rendered.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NMoodle
APPMoodle< 4.1.104.2.0 – 4.2.7 (bez)4.3.0 – 4.3.4 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Powiązane podatności
CVE-2024-33999CRITICAL9.8PL ✓ten sam produkt
Moodle MFA — niewystarczająca sanityzacja URL referrer
CVE-2023-28333CRITICAL9.8ten sam produkt
The Mustache pix helper contained a potential Mustache injection risk if combined with user input (note: This ...
CVE-2021-36392CRITICAL9.8ten sam produkt
In Moodle, an SQL injection risk was identified in the library fetching a user's enrolled courses.
CVE-2021-36393CRITICAL9.8ten sam produkt
In Moodle, an SQL injection risk was identified in the library fetching a user's recent courses.
CVE-2021-36394CRITICAL9.8ten sam produkt
In Moodle, a remote code execution risk was identified in the Shibboleth authentication plugin.