Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-nna3-77cm-vbah
Vulnerability ID VCID-nna3-77cm-vbah
Aliases CVE-2020-14320
GHSA-fcpw-vqh5-6qwj
Summary Moodle reflected XSS Vulnerability In Moodle before 3.9.1, 3.8.4 and 3.7.7, the filter in the admin task log required extra sanitizing to prevent a reflected XSS risk.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00753 https://api.first.org/data/v1/epss?cve=CVE-2020-14320
epss 0.00753 https://api.first.org/data/v1/epss?cve=CVE-2020-14320
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-fcpw-vqh5-6qwj
cvssv3.1 6.1 https://github.com/moodle/moodle/commit/c6ffe9588ebb02b73c33a09e5d8061f58acc1701
generic_textual MODERATE https://github.com/moodle/moodle/commit/c6ffe9588ebb02b73c33a09e5d8061f58acc1701
cvssv3.1 6.1 https://moodle.org/mod/forum/discuss.php?d=407392
generic_textual MODERATE https://moodle.org/mod/forum/discuss.php?d=407392
cvssv3.1 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-14320
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2020-14320
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2020-14320
https://github.com/moodle/moodle/commit/c6ffe9588ebb02b73c33a09e5d8061f58acc1701
https://moodle.org/mod/forum/discuss.php?d=407392
https://nvd.nist.gov/vuln/detail/CVE-2020-14320
GHSA-fcpw-vqh5-6qwj https://github.com/advisories/GHSA-fcpw-vqh5-6qwj
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/moodle/moodle/commit/c6ffe9588ebb02b73c33a09e5d8061f58acc1701
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://moodle.org/mod/forum/discuss.php?d=407392
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2020-14320
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.73557
EPSS Score 0.00753
Published At June 4, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-04T17:51:58.348372+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/08/GHSA-fcpw-vqh5-6qwj/GHSA-fcpw-vqh5-6qwj.json 38.6.0