CVE-2020-25628

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-25628
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-25628.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-25628
Aliases
Downstream
Published
2020-12-08T01:15:11.633Z
Modified
2025-11-20T11:22:29.711173Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

The filter in the tag manager required extra sanitizing to prevent a reflected XSS risk. This affects 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versions. Fixed in 3.9.2, 3.8.5, 3.7.8 and 3.5.14.

References

Affected packages

Git / github.com/moodle/moodle

Affected ranges

Type
GIT
Repo
https://github.com/moodle/moodle
Events
Introduced
46574904afd39578fa4146bf1fc5c401ac680aa6
Fixed
598064e4d9958b22e8b8c81016440b1aea48771e

Affected versions

v3.*

v3.5.0
v3.5.1
v3.5.10
v3.5.11
v3.5.12
v3.5.13
v3.5.2
v3.5.3
v3.5.4
v3.5.5
v3.5.6
v3.5.7
v3.5.8
v3.5.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-25628.json"