CVE-2020-25628

MEDIUM

moodle 3.5.0-3.5.13, 3.7.0-3.7.7, 3.8.0-3.8.4, 3.9.0-3.9.1 - Reflected Cross-Site Scripting in Tag Manager Filter

Title source: llm
STIX 2.1

Description

The filter in the tag manager required extra sanitizing to prevent a reflected XSS risk. This affects 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versions. Fixed in 3.9.2, 3.8.5, 3.7.8 and 3.5.14.

References (2)

Core 2
Core References
Mailing List, Patch, Vendor Advisory x_refsource_misc
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-69340
Vendor Advisory x_refsource_confirm
https://moodle.org/mod/forum/discuss.php?d=410840

Scores

CVSS v3 6.1
EPSS 0.0025
EPSS Percentile 48.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (2)
moodle/moodle 3.5.0 - 3.5.14
moodle/moodle 3.9.0 - 3.9.2Packagist
Published Dec 08, 2020
Tracked Since Feb 18, 2026