CVE-2020-25628

Summary

The filter in the tag manager required extra sanitizing to prevent a reflected XSS risk. This affects 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versions. Fixed in 3.9.2, 3.8.5, 3.7.8 and 3.5.14.

Affected Software

VendorProductVersion RangeStatus
n/aMoodle3.9 to 3.9.1affected
n/aMoodle3.8 to 3.8.4affected
n/aMoodle3.7 to 3.7.7affected
n/aMoodle3.5 to 3.5.13affected
n/aMoodleearlier unsupported versionsaffected

Weaknesses

  • CWE-79: CWE-79

ADP Enrichment

CVE Program Container

Additional References

References