Note:
This project will be discontinued after December 13, 2021. [more]
2020-03-18
A vulnerability was found in Moodle 3.7 before 3.73, 3.6 before 3.6.7 and 3.5 before 3.5.9, where a reflected XSS possible from some fatal error messages.
| Products | Moodle |
| Type | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79) |
| First patch | - None (likely due to unavailable code) |
| Links |
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14884
• https://moodle.org/mod/forum/discuss.php?d=393587#p1586751 |