CVE-2020-25631 - AskarLabs CVE Database

CVE-2020-25631

Vendor N/A

Product Moodle

Weakness CWE-79 · XSS

Published December 8, 2020

Last update August 4, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

A vulnerability was found in Moodle 3.9 to 3.9.1, 3.8 to 3.8.4 and 3.7 to 3.7.7 where it was possible to include JavaScript in a book's chapter title, which was not escaped on the "Add new chapter" page. This is fixed in 3.9.2, 3.8.5 and 3.7.8.

Key dates

02Disclosure timeline

December 8, 2020 CVE published

August 4, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-25631

Related vulnerabilities

04Related CVE

CVE-2026-25144 Talishar has a Stored XSS which can lead to data exfiltration & user impersonation CVE-2023-32241 WordPress Essential Addons for Elementor Pro Plugin <= 5.4.8 is vulnerable to Cross Site Scripting (XSS) CVE-2023-38364 IBM CICS TX Advanced cross-site scripting CVE-2024-27306 aiohttp vulnerable to XSS on index pages for static file handling CVE-2025-28924 WordPress ZenphotoPress plugin <= 1.8 - Reflected Cross Site Scripting (XSS) vulnerability