CVE-2021-20183

MEDIUM

Moodle < 3.10.1 and 3.10-4.0.0-beta - Reflected Cross-Site Scripting via Search Input

Title source: llm
STIX 2.1

Description

It was found in Moodle before version 3.10.1 that some search inputs were vulnerable to reflected XSS due to insufficient escaping of search queries.

References (1)

Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://moodle.org/mod/forum/discuss.php?d=417166

Scores

CVSS v3 5.4
EPSS 0.0082
EPSS Percentile 52.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (2)
moodle/moodle < 3.10.1
moodle/moodle 3.10 - 4.0.0-betaPackagist
Published Jan 28, 2021
Tracked Since Feb 18, 2026