GHSA-h7h6-fwpv-ggvx
GitHub Security Advisory
Moodle contains Stored XSS via ID number user profile field
✓ GitHub Reviewed
MODERATE
Has CVE
Advisory Details
The ID number user profile field required additional sanitizing to prevent a stored XSS risk in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.
Affected Packages
Packagist
moodle/moodle
Affected versions:
3.10
(fixed in 3.10.2)
Packagist
moodle/moodle
Affected versions:
3.9
(fixed in 3.9.5)
Packagist
moodle/moodle
Affected versions:
3.8
(fixed in 3.8.8)
Packagist
moodle/moodle
Affected versions:
3.5
(fixed in 3.5.17)
Related CVEs
Key Information
5.0
/10
Dataset
Last updated: June 15, 2025 6:24 AM
Data from GitHub Advisory Database. This information is provided for research and educational purposes.