CVE-2021-32244 (https://github.com/langkexiansheng/Images/blob/master/moodle_xss.gif): Cross Site Scripting (XSS) in Moodle 3.10.3 allows remote attackers to execute arbitrary web script or HTML via the "Description" field. Maintainers, is this vulnerability fixed? If so, what versions are fixed?
I've bumped to 3.10.4 which is fixed.
Thanks! Please clean up <3.10.4
Ping.
Package list is empty or all packages have requested keywords.
(In reply to John Helmert III from comment #3)
> Ping.
Sorry that was cleaned up a while ago even though I didn't respond here.
(In reply to Anthony Basile from comment #11)
> (In reply to John Helmert III from comment #3)
> > Ping.
>
> Sorry that was cleaned up a while ago even though I didn't respond here.
What about 3.9.x?
(In reply to John Helmert III from comment #12)
> (In reply to Anthony Basile from comment #11)
> > (In reply to John Helmert III from comment #3)
> > > Ping.
> >
> > Sorry that was cleaned up a while ago even though I didn't respond here.
>
> What about 3.9.x?
Three branches of moodle are supported (with security). As of today, all three versions of moodle on the tree are up to date: 3.9.9, 3.10.6, 3.11.2.
(In reply to Anthony Basile from comment #13)
> (In reply to John Helmert III from comment #12)
> > (In reply to Anthony Basile from comment #11)
> > > (In reply to John Helmert III from comment #3)
> > > > Ping.
> > >
> > > Sorry that was cleaned up a while ago even though I didn't respond here.
> >
> > What about 3.9.x?
>
> Three branches of moodle are supported (with security). As of today, all three versions of moodle on the tree are up to date: 3.9.9, 3.10.6, 3.11.2.
I see, maybe you're confused because 3.9.9 < 3.10.4. Not really. 3.9.9 has the security fix cited in this bug.
(In reply to Anthony Basile from comment #14)
> (In reply to Anthony Basile from comment #13)
> > (In reply to John Helmert III from comment #12)
> > > (In reply to Anthony Basile from comment #11)
> > > > (In reply to John Helmert III from comment #3)
> > > > > Ping.
> > > >
> > > > Sorry that was cleaned up a while ago even though I didn't respond here.
> > >
> > > What about 3.9.x?
> >
> > Three branches of moodle are supported (with security). As of today, all three versions of moodle on the tree are up to date: 3.9.9, 3.10.6, 3.11.2.
>
> I see, maybe you're confused because 3.9.9 < 3.10.4. Not really. 3.9.9 has the security fix cited in this bug.
Yeah, that was it. Works for me, thanks! All unstable so no GLSA. All done.