{"containers": {"cna": {"affected": [{"product": "Moodle", "vendor": "n/a", "versions": [{"status": "affected", "version": "3.9 to 3.9.1, 3.8 to 3.8.4 and 3.7 to 3.7.7"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Moodle 3.9 to 3.9.1, 3.8 to 3.8.4 and 3.7 to 3.7.7 where it was possible to include JavaScript in a book's chapter title, which was not escaped on the \"Add new chapter\" page. This is fixed in 3.9.2, 3.8.5 and 3.7.8."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-12-08T00:10:13", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://moodle.org/mod/forum/discuss.php?d=410843"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T15:40:35.426Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://moodle.org/mod/forum/discuss.php?d=410843"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2020-25631", "datePublished": "2020-12-08T00:10:13", "dateReserved": "2020-09-16T00:00:00", "dateUpdated": "2024-08-04T15:40:35.426Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "matchCriteriaId": "950E176E-D992-4526-BBC7-2D2352956B1F", "versionEndExcluding": "3.7.8", "versionStartIncluding": "3.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CD970C3-DD85-48C8-A95D-69390F61B1E7", "versionEndExcluding": "3.8.5", "versionStartIncluding": "3.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "matchCriteriaId": "7621A65F-A568-45DE-B2B7-A809EB48409F", "versionEndExcluding": "3.9.2", "versionStartIncluding": "3.9.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Moodle 3.9 to 3.9.1, 3.8 to 3.8.4 and 3.7 to 3.7.7 where it was possible to include JavaScript in a book's chapter title, which was not escaped on the \"Add new chapter\" page. This is fixed in 3.9.2, 3.8.5 and 3.7.8."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en Moodle versiones 3.9 hasta 3.9.1, 3.8 hasta 3.8.4 y 3.7 hasta 3.7.7, donde era posible incluir JavaScript en el t\u00edtulo del cap\u00edtulo de un libro, que no era escapado en la p\u00e1gina \"Add new chapter\". Esto es corregido en las versiones 3.9.2, 3.8.5 y 3.7.8"}], "id": "CVE-2020-25631", "lastModified": "2020-12-08T16:04:52.603", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-12-08T01:15:12.007", "references": [{"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://moodle.org/mod/forum/discuss.php?d=410843"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "secalert@redhat.com", "type": "Primary"}]}

{}