Moodle Stored Cross-site Scripting and page denial of service
High severity
GitHub Reviewed
Published
Oct 1, 2022
to the GitHub Advisory Database
•
Updated Apr 23, 2024
Package
Affected versions
>= 3.9, < 3.9.17
>= 3.11, < 3.11.10
>= 4.0, < 4.0.4
Patched versions
3.9.17
3.11.10
4.0.4
Description
Published by the National Vulnerability Database
Sep 30, 2022
Published to the GitHub Advisory Database
Oct 1, 2022
Reviewed
Apr 23, 2024
Last updated
Apr 23, 2024
Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an Cross-site Scripting risk or a page failing to load.
References