{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-08T00:55:28.765","vulnerabilities":[{"cve":{"id":"CVE-2020-25631","sourceIdentifier":"secalert@redhat.com","published":"2020-12-08T01:15:12.007","lastModified":"2024-11-21T05:18:17.197","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was found in Moodle 3.9 to 3.9.1, 3.8 to 3.8.4 and 3.7 to 3.7.7 where it was possible to include JavaScript in a book's chapter title, which was not escaped on the \"Add new chapter\" page. This is fixed in 3.9.2, 3.8.5 and 3.7.8."},{"lang":"es","value":"Se encontró una vulnerabilidad en Moodle versiones 3.9 hasta 3.9.1, 3.8 hasta 3.8.4 y 3.7 hasta 3.7.7, donde era posible incluir JavaScript en el título del capítulo de un libro, que no era escapado en la página \"Add new chapter\". Esto es corregido en las versiones 3.9.2, 3.8.5 y 3.7.8"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*","versionStartIncluding":"3.7.0","versionEndExcluding":"3.7.8","matchCriteriaId":"950E176E-D992-4526-BBC7-2D2352956B1F"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*","versionStartIncluding":"3.8.0","versionEndExcluding":"3.8.5","matchCriteriaId":"2CD970C3-DD85-48C8-A95D-69390F61B1E7"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*","versionStartIncluding":"3.9.0","versionEndExcluding":"3.9.2","matchCriteriaId":"7621A65F-A568-45DE-B2B7-A809EB48409F"}]}]}],"references":[{"url":"https://moodle.org/mod/forum/discuss.php?d=410843","source":"secalert@redhat.com","tags":["Patch","Vendor Advisory"]},{"url":"https://moodle.org/mod/forum/discuss.php?d=410843","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}}]}