Vulnerabilities > Moodle > Moodle > 3.9.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-09 | CVE-2020-25627 | Cross-site Scripting vulnerability in Moodle 3.9.0/3.9.1/3.9.2 The moodlenetprofile user profile field required extra sanitizing to prevent a stored XSS risk. | 4.3 |
| 2020-12-08 | CVE-2020-25631 | Cross-site Scripting vulnerability in Moodle A vulnerability was found in Moodle 3.9 to 3.9.1, 3.8 to 3.8.4 and 3.7 to 3.7.7 where it was possible to include JavaScript in a book's chapter title, which was not escaped on the "Add new chapter" page. | 4.3 |
| 2020-12-08 | CVE-2020-25630 | Resource Exhaustion vulnerability in Moodle A vulnerability was found in Moodle where the decompressed size of zip files was not checked against available user quota before unzipping them, which could lead to a denial of service risk. | 5.0 |
| 2020-12-08 | CVE-2020-25628 | Cross-site Scripting vulnerability in Moodle The filter in the tag manager required extra sanitizing to prevent a reflected XSS risk. | 4.3 |
| 2020-11-19 | CVE-2020-25702 | Cross-site Scripting vulnerability in multiple products In Moodle, it was possible to include JavaScript when re-naming content bank items. | 6.1 |