GHSA-g5m5-j48g-fr24

Suggest an improvement
Source
https://github.com/advisories/GHSA-g5m5-j48g-fr24
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-g5m5-j48g-fr24/GHSA-g5m5-j48g-fr24.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-g5m5-j48g-fr24
Aliases
Published
2022-05-24T19:05:25Z
Modified
2024-04-24T17:56:40.810438Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
Moodle Cross Site Scripting (XSS)
Details

Cross Site Scripting (XSS) in Moodle 3.10.3 allows remote attackers to execute arbitrary web script or HTML via the "Description" field.

Database specific 
{
    "nvd_published_at": "2021-06-16T21:15:00Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-24T17:29:14Z"
}
References

Affected packages

Packagist / moodle/moodle

Package

Name
moodle/moodle
Purl
pkg:composer/moodle/moodle

Affected ranges

Affected versions

3.*

3.10.3