MSA-22-0023: Stored XSS and page denial of service risks due to recursive rendering in Mustache template helpers
|
System information
|
|
|
Affected software |
PHP |
Description
|
di Michael Hawkins. Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a page failing to load.Severity/Risk:SeriousVersions affected:4.0 to 4.0.3, 3.11 to 3.11.9, 3.9 to 3.9.16 and earlier unsupported versionsVersions fixed:4.0.4, 3.11.10 and 3.9.17Reported by:Adam Roberts, NCC GroupCVE identifier:CVE-2022-40313Changes (master):http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-68066Tracker
More info:
https://moodle.org/mod/forum/discuss.php?d=438392&parent=1764793 |
Standar resources
|
Property |
Value |
CVE |
CVE-2022-40313. |