If the TeX notation filter was enabled, additional sanitizing of TeX content was required to prevent the risk of stored XSS.
Severity/Risk: | Serious |
Versions affected: | 3.10, 3.9 to 3.9.3, 3.8 to 3.8.6, 3.5 to 3.5.15 and earlier unsupported versions |
Versions fixed: | 3.10.1, 3.9.4, 3.8.7 and 3.5.16 |
Reported by: | Ata Hakcil |
Workaround: | Disable the TeX notation filter until the patch has been applied. (Note that this filter is disabled by default.) |
CVE identifier: | CVE-2021-20186 |
Changes (master): | http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-69911 |
Tracker issue: | MDL-69911 Stored XSS possible via TeX notation filter |