CVE-2021-20186
Moodle Cross-site Scripting
5.4
MEDIUM
CVSS 3.1
EPSS 0.53%
Description
It was found that in Moodle before versions 3.10.1, 3.9.4, 3.8.7 and 3.5.16, if the TeX notation filter was enabled, additional sanitizing of TeX content was required to prevent the risk of stored XSS.
How to fix CVE-2021-20186
To remediate CVE-2021-20186, upgrade the affected package to one of the fixed versions below.
- Bitnami/moodle—upgrade to 3.5.16 or later
- —upgrade to 3.10.1 or later
Is CVE-2021-20186 being exploited?
Low — EPSS is 0.5%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 3.5.16; >= 3.8.0, < 3.8.7; >= 3.9.0, < 3.9.4; >= 3.10.0, < 3.10.1
- >= 3.10, < 3.10.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |