Moderate severity · NVD Advisory · Published Mar 15, 2021 · Updated Aug 3, 2024
CVE-2021-20279
Description
The ID number user profile field required additional sanitizing to prevent a stored XSS risk in Moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| moodle/moodle (Packagist) | >= 3.10, < 3.10.2 | 3.10.2 |
| moodle/moodle (Packagist) | >= 3.9, < 3.9.5 | 3.9.5 |
| moodle/moodle (Packagist) | >= 3.8, < 3.8.8 | 3.8.8 |
| moodle/moodle (Packagist) | >= 3.5, < 3.5.17 | 3.5.17 |
Affected products
- moodle/moodle (description)
- osv-coords (2 versions): >= 3.5.0, < 3.5.17 + 1 more
- (no CPE) range: >= 3.5.0, < 3.5.17
- (no CPE) range: >= 3.10, < 3.10.2
References
- github.com/advisories/GHSA-h7h6-fwpv-ggvx (ghsa, ADVISORY)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AFSNJ7XHVTC52RSRX2GBQFF3VEEAY2MS/ (mitre, vendor-advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFH5DDMU5TZ3JT4Q52WMRAHACA5MHIMT/ (mitre, vendor-advisory, x_refsource_FEDORA)
- nvd.nist.gov/vuln/detail/CVE-2021-20279 (ghsa, ADVISORY)
- bugzilla.redhat.com/show_bug.cgi (ghsa, x_refsource_MISC, WEB)
- github.com/moodle/moodle/commit/a7e0ba1e71205ccb0a73dedee414f1a167ee2ed7 (ghsa, WEB)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AFSNJ7XHVTC52RSRX2GBQFF3VEEAY2MS (ghsa, WEB)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFH5DDMU5TZ3JT4Q52WMRAHACA5MHIMT (ghsa, WEB)
- moodle.org/mod/forum/discuss.php (ghsa, x_refsource_MISC, WEB)