CVE-2021-20186

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-20186

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-20186.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-20186

Aliases

Related

UBUNTU-CVE-2021-20186

Published

2021-01-28T19:15:13Z

Modified

2024-09-03T03:38:09.281555Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that if the TeX notation filter was enabled, additional sanitizing of TeX content was required to prevent the risk of stored XSS.

References

https://moodle.org/mod/forum/discuss.php?d=417170

Affected packages

Git / github.com/moodle/moodle

Affected ranges

Type: GIT
Repo: https://github.com/moodle/moodle
Events: Introduced

f968cd44e8ee5d54b1bc56823040ff770dbf18af

Fixed

323c12674aa74d327ded9f5e44458cd5d1aea174

Affected versions

v3.*

v3.8.0

v3.8.1

v3.8.2

v3.8.3

v3.8.4

v3.8.5

v3.8.6