CVE-2020-25628 - AskarLabs CVE Database

CVE-2020-25628

Vendor N/A

Product Moodle

Weakness CWE-79 · XSS

Published December 8, 2020

Last update August 4, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The filter in the tag manager required extra sanitizing to prevent a reflected XSS risk. This affects 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versions. Fixed in 3.9.2, 3.8.5, 3.7.8 and 3.5.14.

Key dates

02Disclosure timeline

December 8, 2020 CVE published

August 4, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-25628

Related vulnerabilities

04Related CVE

CVE-2025-6695 LabRedesCefetRJ WeGIA Additional Categoria adicionar_categoria.php cross site scripting CVE-2024-27196 WordPress postMash – custom post order plugin <= 1.2.0 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2023-32103 WordPress TP Education Plugin <= 4.4 is vulnerable to Cross Site Scripting (XSS) CVE-2025-11869 Precise Columns <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2025-58826 WordPress WP Publication Archive Plugin <= 3.0.1 - Cross Site Scripting (XSS) Vulnerability

Identifiers

CVE CVE-2020-25628

CWE CWE-79

Affected versions

Vendor N/A

Product Moodle

Affected 3.9 to 3.9.1

Vendor N/A

Product Moodle

Affected 3.8 to 3.8.4

Vendor N/A

Product Moodle

Affected 3.7 to 3.7.7

Vendor N/A

Product Moodle

Affected 3.5 to 3.5.13

Vendor N/A

Product Moodle

Affected earlier unsupported versions