CVE-2021-20280

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-20280

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-20280.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-20280

Aliases

Downstream

UBUNTU-CVE-2021-20280

Published

2021-03-15T22:15:13.203Z

Modified

2026-02-13T00:29:24.999678Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Text-based feedback answers required additional sanitizing to prevent stored XSS and blind SSRF risks in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.

References

Affected packages

Git / github.com/moodle/moodle

Affected ranges

Type: GIT
Repo: https://github.com/moodle/moodle
Events: Introduced

3d395fda43a7bbea255c123ba91a5577830ffcce

Fixed

bec4e775007f5706ce7dd419630f6c9481831fa2

Introduced

500c131eb49771e36f68d151dfa37fef5a9bc2df

Fixed

ef0ebaf0f9e10ef47402a33bf777088767b653d7

Introduced

ec58cefefb2722f61f77c9a2b6a12d40a8c078a0

Fixed

15f3dddd042a3af82120df91e835c75bf840d2e1

Introduced

f968cd44e8ee5d54b1bc56823040ff770dbf18af

Fixed

0c66ff02a81758ff1a99b60dc6f7812ede5f033d

Affected versions

v3.*

v3.10.0

v3.10.0-beta

v3.10.0-rc1

v3.10.0-rc2

v3.10.1

v3.8.0

v3.8.1

v3.8.2

v3.8.3

v3.8.4

v3.8.5

v3.8.6

v3.8.7

v3.8.8

v3.8.9

v3.9.0

v3.9.1

v3.9.10

v3.9.11

v3.9.12

v3.9.13

v3.9.14

v3.9.15

v3.9.16

v3.9.17

v3.9.18

v3.9.19

v3.9.2

v3.9.20

v3.9.21

v3.9.22

v3.9.23

v3.9.24

v3.9.25

v3.9.3

v3.9.4

v3.9.5

v3.9.6

v3.9.7

v3.9.8

v3.9.9

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-20280.json"