CVE-2021-20279
- Source
- https://cve.org/CVERecord?id=CVE-2021-20279
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-20279.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-20279
- Aliases
- Downstream
- Published
- 2021-03-15T22:15:13.140Z
- Modified
- 2026-02-13T08:42:45.210602Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
The ID number user profile field required additional sanitizing to prevent a stored XSS risk in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.
- References
-
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AFSNJ7XHVTC52RSRX2GBQFF3VEEAY2MS/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFH5DDMU5TZ3JT4Q52WMRAHACA5MHIMT/
- https://bugzilla.redhat.com/show_bug.cgi?id=1939033
- https://moodle.org/mod/forum/discuss.php?d=419650
- https://bugzilla.redhat.com/show_bug.cgi?id=1939033
- https://moodle.org/mod/forum/discuss.php?d=419650
Affected packages
Git / github.com/moodle/moodle
Affected ranges
- Type
- GIT
- Repo
- https://github.com/moodle/moodle
- Events
-
IntroducedFixedIntroducedFixedIntroducedFixedIntroducedFixed
Affected versions
v3.*
v3.10.0
v3.10.0-beta
v3.10.0-rc1
v3.10.0-rc2
v3.10.1
v3.10.10
v3.10.11
v3.10.2
v3.10.3
v3.10.4
v3.10.5
v3.10.6
v3.10.7
v3.10.8
v3.10.9
v3.9.0
v3.9.1
v3.9.10
v3.9.11
v3.9.12
v3.9.13
v3.9.14
v3.9.15
v3.9.16
v3.9.17
v3.9.18
v3.9.19
v3.9.2
v3.9.20
v3.9.21
v3.9.22
v3.9.23
v3.9.24
v3.9.25
v3.9.3
v3.9.4
v3.9.5
v3.9.6
v3.9.7
v3.9.8
v3.9.9