What the vulnerability does
01Description
The ID number user profile field required additional sanitizing to prevent a stored XSS risk in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.
CVSS base score
—
Key dates
02Disclosure timeline
March 15, 2021
CVE published
August 3, 2024
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2024-0367 Unlimited Elements For Elementor <= 1.5.96 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Link
CVE-2023-45587
CVE-2018-3773
CVE-2025-23725 WordPress Accessibility Task Manager plugin <= 1.2.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2021-43861 Incorrect sanitisation function leads to `XSS`
