vulnerability

Moodle: Unspecified Security Vulnerability (CVE-2019-14827)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:N/C:N/I:P/A:N)	May 17, 2021	Jun 3, 2021	Feb 15, 2026

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published

May 17, 2021

Added

Jun 3, 2021

Modified

Feb 15, 2026

Description

A vulnerability was found in Moodle where javaScript injection was possible in some Mustache templates via recursive rendering from contexts. Mustache helper tags that were included in template contexts were not being escaped before that context was injected into another Mustache helper, which could result in script injection in some templates. This affects versions 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions.

Solution

moodle-upgrade-latest

References

CVE-2019-14827
https://attackerkb.com/topics/CVE-2019-14827
CWE-94
https://git.moodle.org/gw?p=moodle.git&amp;a=search&amp;h=HEAD&amp;st=commit&amp;s=MDL-62284
https://moodle.org/mod/forum/discuss.php?d=391030

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today