MSA-22-0028: Apply upstream security fix to VideoJS library to remove XSS risk An upstream security patch was applied to the third party VideoJS library included with Moodle, on versions affected by an XSS risk. Versions affected: 3.11 to 3.11.10, 3.9 to 3.9.17 and earlier unsupported versions Versions fixed: 3.11.11 and 3.9.18
References: https://moodle.org/mod/forum/discuss.php?d=440767 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-75278
Created moodle tracking bugs for this issue: Affects: epel-7 [bug 2144704] Affects: fedora-35 [bug 2144705] Affects: fedora-36 [bug 2144706] Affects: fedora-37 [bug 2144707]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.