The filter in the tag manager required extra sanitizing to prevent a reflected XSS risk. This affects 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versions. Fixed in 3.9.2, 3.8.5, 3.7.8 and 3.5.14. References: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-69340
External References: https://moodle.org/mod/forum/discuss.php?d=410840
Created moodle tracking bugs for this issue: Affects: epel-7 [bug 1927284] Affects: fedora-all [bug 1927283]
Security flaws will close automatically upon closing the last tracker. There is still a tracker for epel-7 that is open. Reopened the flaw.
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.