Moderate severityNVD Advisory· Published Aug 16, 2022· Updated Aug 4, 2024
CVE-2020-14320
CVE-2020-14320
Description
In Moodle before 3.9.1, 3.8.4 and 3.7.7, the filter in the admin task log required extra sanitizing to prevent a reflected XSS risk.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
moodle/moodlePackagist | >= 3.9, < 3.9.1 | 3.9.1 |
moodle/moodlePackagist | >= 3.8, < 3.8.4 | 3.8.4 |
moodle/moodlePackagist | >= 3.7, < 3.7.7 | 3.7.7 |
Affected products
3- osv-coords2 versions
>= 3.7.0, < 3.7.7+ 1 more
- (no CPE)range: >= 3.7.0, < 3.7.7
- (no CPE)range: >= 3.9, < 3.9.1
Patches
Vulnerability mechanics
Synthesis attempt was rejected by the grounding validator. Re-run pending.
References
4- github.com/advisories/GHSA-fcpw-vqh5-6qwjghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-14320ghsaADVISORY
- github.com/moodle/moodle/commit/c6ffe9588ebb02b73c33a09e5d8061f58acc1701ghsaWEB
- moodle.org/mod/forum/discuss.phpghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.