Text-based feedback answers required additional sanitizing to prevent stored XSS and blind SSRF risks in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.
[
{
"product": "moodle",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in 3.10.2, 3.9.5, 3.8.8, 3.5.17"
}
]
}
]
packetstormsecurity.com/files/164817/Moodle-Cross-Site-Scripting-Server-Side-Request-Forgery.html
bugzilla.redhat.com/show_bug.cgi?id=1939037
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AFSNJ7XHVTC52RSRX2GBQFF3VEEAY2MS/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FGOMHMYM3WICJ6D6U22Z6LPJGT5A6MZM/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFH5DDMU5TZ3JT4Q52WMRAHACA5MHIMT/
moodle.org/mod/forum/discuss.php?d=419651