Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/79982?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/79982?format=api", "purl": "pkg:composer/moodle/moodle@3.5.17", "type": "composer", "namespace": "moodle", "name": "moodle", "version": "3.5.17", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "3.5.18", "latest_non_vulnerable_version": "5.1.2", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54192?format=api", "vulnerability_id": "VCID-bbj9-hpz3-xqhh", "summary": "Cross-site Scripting\nThe ID number user profile field required additional sanitizing to prevent a stored XSS risk in moodle", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20279", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00436", "scoring_system": "epss", "scoring_elements": "0.63334", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20279" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939033", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939033" }, { "reference_url": "https://github.com/moodle/moodle/commit/a7e0ba1e71205ccb0a73dedee414f1a167ee2ed7", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/a7e0ba1e71205ccb0a73dedee414f1a167ee2ed7" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AFSNJ7XHVTC52RSRX2GBQFF3VEEAY2MS", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AFSNJ7XHVTC52RSRX2GBQFF3VEEAY2MS" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFH5DDMU5TZ3JT4Q52WMRAHACA5MHIMT", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFH5DDMU5TZ3JT4Q52WMRAHACA5MHIMT" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=419650", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=419650" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20279", "reference_id": "CVE-2021-20279", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20279" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79982?format=api", "purl": "pkg:composer/moodle/moodle@3.5.17", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/59624?format=api", "purl": "pkg:composer/moodle/moodle@3.8.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-164m-humk-1fe3" }, { "vulnerability": "VCID-p3ge-1cqt-tufw" }, { "vulnerability": "VCID-u32t-89zc-v3gj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.8.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/79983?format=api", "purl": "pkg:composer/moodle/moodle@3.9.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/65140?format=api", "purl": "pkg:composer/moodle/moodle@3.10.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.10.2" } ], "aliases": [ "CVE-2021-20279", "GHSA-h7h6-fwpv-ggvx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bbj9-hpz3-xqhh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54193?format=api", "vulnerability_id": "VCID-dpd2-1sqc-qqfy", "summary": "Information Exposure\nIt was possible for some users without permission to view other users' full names to do so via the online users block in moodle", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20281", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00208", "scoring_system": "epss", "scoring_elements": "0.43221", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20281" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939041", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939041" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/33d6017287e1835513a3de8edd3fbf7a6a90af9c", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/33d6017287e1835513a3de8edd3fbf7a6a90af9c" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AFSNJ7XHVTC52RSRX2GBQFF3VEEAY2MS", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AFSNJ7XHVTC52RSRX2GBQFF3VEEAY2MS" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFH5DDMU5TZ3JT4Q52WMRAHACA5MHIMT", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFH5DDMU5TZ3JT4Q52WMRAHACA5MHIMT" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=419652", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=419652" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20281", "reference_id": "CVE-2021-20281", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20281" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79982?format=api", "purl": "pkg:composer/moodle/moodle@3.5.17", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/59624?format=api", "purl": "pkg:composer/moodle/moodle@3.8.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-164m-humk-1fe3" }, { "vulnerability": "VCID-p3ge-1cqt-tufw" }, { "vulnerability": "VCID-u32t-89zc-v3gj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.8.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/79983?format=api", "purl": "pkg:composer/moodle/moodle@3.9.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/65140?format=api", "purl": "pkg:composer/moodle/moodle@3.10.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.10.2" } ], "aliases": [ "CVE-2021-20281", "GHSA-93wh-35r4-6qmw" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dpd2-1sqc-qqfy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54185?format=api", "vulnerability_id": "VCID-gnez-ehgq-rfbr", "summary": "Incorrect Authorization\nWhen creating a user account, it was possible to verify the account without having access to the verification email `link/secret` in moodle", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20282", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39052", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20282" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939046", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939046" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AFSNJ7XHVTC52RSRX2GBQFF3VEEAY2MS", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AFSNJ7XHVTC52RSRX2GBQFF3VEEAY2MS" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFH5DDMU5TZ3JT4Q52WMRAHACA5MHIMT", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFH5DDMU5TZ3JT4Q52WMRAHACA5MHIMT" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=419653", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=419653" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20282", "reference_id": "CVE-2021-20282", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20282" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79982?format=api", "purl": "pkg:composer/moodle/moodle@3.5.17", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/59624?format=api", "purl": "pkg:composer/moodle/moodle@3.8.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-164m-humk-1fe3" }, { "vulnerability": "VCID-p3ge-1cqt-tufw" }, { "vulnerability": "VCID-u32t-89zc-v3gj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.8.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/79983?format=api", "purl": "pkg:composer/moodle/moodle@3.9.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/65140?format=api", "purl": "pkg:composer/moodle/moodle@3.10.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.10.2" } ], "aliases": [ "CVE-2021-20282", "GHSA-grj4-g57c-9xmv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gnez-ehgq-rfbr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54183?format=api", "vulnerability_id": "VCID-mqde-66zm-qbbj", "summary": "Incorrect Authorization\nThe web service responsible for fetching other users' enrolled courses does not validate that the requesting user had permission to view that information in each course in moodle", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20283", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.35659", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20283" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939051", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939051" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AFSNJ7XHVTC52RSRX2GBQFF3VEEAY2MS", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AFSNJ7XHVTC52RSRX2GBQFF3VEEAY2MS" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFH5DDMU5TZ3JT4Q52WMRAHACA5MHIMT", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFH5DDMU5TZ3JT4Q52WMRAHACA5MHIMT" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=419654", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=419654" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20283", "reference_id": "CVE-2021-20283", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20283" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79982?format=api", "purl": "pkg:composer/moodle/moodle@3.5.17", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/59624?format=api", "purl": "pkg:composer/moodle/moodle@3.8.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-164m-humk-1fe3" }, { "vulnerability": "VCID-p3ge-1cqt-tufw" }, { "vulnerability": "VCID-u32t-89zc-v3gj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.8.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/79983?format=api", "purl": "pkg:composer/moodle/moodle@3.9.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/65140?format=api", "purl": "pkg:composer/moodle/moodle@3.10.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.10.2" } ], "aliases": [ "CVE-2021-20283", "GHSA-2m72-m5cw-3g9h" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mqde-66zm-qbbj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54187?format=api", "vulnerability_id": "VCID-pgfa-bkaw-q7cq", "summary": "Cross-site Scripting\nText-based feedback answers required additional sanitizing to prevent stored XSS and blind SSRF risks in moodle", "references": [ { "reference_url": "http://packetstormsecurity.com/files/164817/Moodle-Cross-Site-Scripting-Server-Side-Request-Forgery.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/164817/Moodle-Cross-Site-Scripting-Server-Side-Request-Forgery.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20280", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00881", "scoring_system": "epss", "scoring_elements": "0.75733", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20280" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939037", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939037" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/a303eb9e9e387f95ea2a80cb1ce6c0b132ec1cc4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/a303eb9e9e387f95ea2a80cb1ce6c0b132ec1cc4" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AFSNJ7XHVTC52RSRX2GBQFF3VEEAY2MS", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AFSNJ7XHVTC52RSRX2GBQFF3VEEAY2MS" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGOMHMYM3WICJ6D6U22Z6LPJGT5A6MZM", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGOMHMYM3WICJ6D6U22Z6LPJGT5A6MZM" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFH5DDMU5TZ3JT4Q52WMRAHACA5MHIMT", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFH5DDMU5TZ3JT4Q52WMRAHACA5MHIMT" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=419651", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=419651" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20280", "reference_id": "CVE-2021-20280", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20280" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79982?format=api", "purl": "pkg:composer/moodle/moodle@3.5.17", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/59624?format=api", "purl": "pkg:composer/moodle/moodle@3.8.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-164m-humk-1fe3" }, { "vulnerability": "VCID-p3ge-1cqt-tufw" }, { "vulnerability": "VCID-u32t-89zc-v3gj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.8.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/79983?format=api", "purl": "pkg:composer/moodle/moodle@3.9.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/65140?format=api", "purl": "pkg:composer/moodle/moodle@3.10.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.10.2" } ], "aliases": [ "CVE-2021-20280", "GHSA-x2jp-hh65-4xvf" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pgfa-bkaw-q7cq" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.17" }