CVE-2021-20280

CVE-2021-20280

Vendor N/A

Product moodle

Weakness CWE-79 · XSS

Published March 15, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Text-based feedback answers required additional sanitizing to prevent stored XSS and blind SSRF risks in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.

Key dates

02Disclosure timeline

March 15, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-20280

Related vulnerabilities

04Related CVE

CVE-2024-51617 WordPress Clyp plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability CVE-2026-32774 Vulnogram - Stored Cross-Site Scripting via Comment Hypertext CVE-2025-42886 Reflected Cross-Site Scripting (XSS) vulnerability in SAP Business Connector CVE-2023-48539 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) CVE-2024-11098 SVG Block <= 1.1.24 - Authenticated (Administrator+) Stored Cross-Site Scripting via SVG File Upload