CVE-2020-14320: 
PHP vulnerability analysis and mitigation

A reflected Cross-Site Scripting (XSS) vulnerability was discovered in Moodle's admin task log filter functionality. The vulnerability, identified as CVE-2020-14320, affected Moodle versions before 3.9.1, 3.8.4, and 3.7.7. The issue was discovered by Spyridon Chatzimichail and required additional sanitization of the filter to prevent the XSS risk (Moodle Advisory).

The vulnerability was classified as a reflected XSS issue (CWE-79: Improper Neutralization of Input During Web Page Generation) in the admin task log filter. The severity was rated as MEDIUM with a CVSS v3.1 base score of 6.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) (NVD).

The vulnerability could allow attackers to execute arbitrary web script or HTML code in the context of the affected web application through the admin task log filter. This could potentially lead to theft of sensitive information or modification of web page content (NVD).

The vulnerability was fixed in Moodle versions 3.9.1, 3.8.4, and 3.7.7. Users are advised to upgrade to these or later versions to address the security risk. The fix involved implementing additional sanitization measures for the admin task log filter (Moodle Advisory).