Stored XSS vulnerability in Quiz Grading Report in Moodle versions 3.5 to 3.10.3

Stored XSS vulnerability in Quiz Grading Report in Moodle versions 3.5 to 3.10.3

CVE-2021-32475 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected.

Learn more about our Web Application Penetration Testing UK.