Vulnerability Details CVE-2020-25702
In Moodle, it was possible to include JavaScript when re-naming content bank items. Versions affected: 3.9 to 3.9.2. This is fixed in moodle 3.9.3 and 3.10.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 62.6%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1895437
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4NNFCHPPHRJNJROIX6SYMHOC6HMKP3GU/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B55KXBVAT45MDASJ3EK6VIGQOYGJ4NH6/
- https://moodle.org/mod/forum/discuss.php?d=413940
- https://bugzilla.redhat.com/show_bug.cgi?id=1895437
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4NNFCHPPHRJNJROIX6SYMHOC6HMKP3GU/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B55KXBVAT45MDASJ3EK6VIGQOYGJ4NH6/
- https://moodle.org/mod/forum/discuss.php?d=413940
Products affected by CVE-2020-25702
-
cpe:2.3:a:moodle:moodle:3.9.0
-
cpe:2.3:a:moodle:moodle:3.9.1
-
cpe:2.3:a:moodle:moodle:3.9.2
-
cpe:2.3:o:fedoraproject:fedora:32
-
cpe:2.3:o:fedoraproject:fedora:33