MSA-21-0001: Search input template insufficiently escaped search queries

by Michael Hawkins.  

Some search inputs were vulnerable to reflected XSS due to insufficient escaping of search queries.


Severity/Risk:Serious
Versions affected:3.10
Versions fixed:3.10.1
Reported by:kstpt
CVE identifier:CVE-2021-20183
Changes (master):http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-70571
Tracker issue:MDL-70571 Search input template insufficiently escaped search queries

Read more https://moodle.org/mod/forum/discuss.php?d=417166&parent=1680837