GHSA-x2jp-hh65-4xvf
GitHub Security Advisory
Cross-site scripting (XSS) and server-side request forgery (SSRF) in Moodle
✓ GitHub Reviewed
MODERATE
Has CVE
Advisory Details
In Moodle before 3.10.2, 3.9.5, 3.8.8 and 3.5.17, text-based feedback answers required additional sanitizing to prevent stored XSS and blind SSRF risks.
Affected Packages
Packagist moodle/moodle: affected versions 3.10 (fixed in 3.10.2)
Packagist moodle/moodle: affected versions 3.9 (fixed in 3.9.5)
Packagist moodle/moodle: affected versions 3.8 (fixed in 3.8.8)
Packagist moodle/moodle: affected versions 3.5 (fixed in 3.5.17)
Related CVEs
Key Information
5.0/10
Dataset
Last updated: June 15, 2025 6:24 AM
Data from GitHub Advisory Database. This information is provided for research and educational purposes.