CVE-2020-25627
PUBLISHED
The moodlenetprofile user profile field required extra sanitizing to prevent a stored XSS risk. This affects versions 3.9 to 3.9.1. Fixed in 3.9.2.
Risk Scores
EPSS Score: 5.35% (90.3th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | moodle | 3.9.0 |
Exploit Intelligence
- Stored XSS via moodlenetprofile parameter in user profile (github-poc-repo), listed 8 times
- Stored XSS via moodlenetprofile parameter in user profile (github-poc), listed 2 times
…and 6 more exploits
Timeline
- Sep 21, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
- Mar 11, 2023 EPSS Score
- Jul 14, 2023 EPSS Score