CVE-2021-20186

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-20186
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-20186.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-20186
Aliases
Downstream
Published
2021-01-28T19:15:13.300Z
Modified
2026-02-21T10:38:16.624483Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that if the TeX notation filter was enabled, additional sanitizing of TeX content was required to prevent the risk of stored XSS.

References

Affected packages

Git / github.com/moodle/moodle

Affected ranges

Type
GIT
Repo
https://github.com/moodle/moodle
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
bbf242efb086307a0af9367d6caea08649b261d1
Introduced
500c131eb49771e36f68d151dfa37fef5a9bc2df
Fixed
de301d4237c42ddd0d4ae7395e663b8457943727
Introduced
ec58cefefb2722f61f77c9a2b6a12d40a8c078a0
Fixed
00821c744c3f102e706500f9815e0fa5e6b8fb25
Introduced
f968cd44e8ee5d54b1bc56823040ff770dbf18af
Fixed
323c12674aa74d327ded9f5e44458cd5d1aea174

Affected versions

v3.*
v3.10.0
v3.10.0-beta
v3.10.0-rc1
v3.10.0-rc2
v3.8.0
v3.8.1
v3.8.2
v3.8.3
v3.8.4
v3.8.5
v3.8.6
v3.9.0
v3.9.1
v3.9.2
v3.9.3

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-20186.json"