CVE-2020-25631
08.12.2020, 01:15
A vulnerability was found in Moodle 3.9 to 3.9.1, 3.8 to 3.8.4 and 3.7 to 3.7.7 where it was possible to include JavaScript in a book's chapter title, which was not escaped on the "Add new chapter" page. This is fixed in 3.9.2, 3.8.5 and 3.7.8.
| Vendor | Product | Version |
|---|---|---|
| moodle | moodle | 3.7.0 ≤ 𝑥 < 3.7.8 |
| moodle | moodle | 3.8.0 ≤ 𝑥 < 3.8.5 |
| moodle | moodle | 3.9.0 ≤ 𝑥 < 3.9.2 |
𝑥
= Vulnerable software versions
Ubuntu Releases