The TinyMCE editor included with Moodle required a security patch to be applied to fix an XSS risk.
Severity/Risk: | Minor |
Versions affected: | 4.1 to 4.1.1 |
Versions fixed: | 4.1.2 |
Reported by: | Andrew Lyons |
CVE identifier: | CVE-2022-23494 |
Changes (master): | N/A |
Tracker issue: | MDL-77470 XSS risk in TinyMCE alerts (upstream) |