vulnerability
Moodle: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CVE-2021-36568)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:M/Au:S/C:P/I:P/A:N) | Sep 13, 2022 | Sep 19, 2022 | Jan 30, 2025 |
Severity
5
CVSS
(AV:N/AC:M/Au:S/C:P/I:P/A:N)
Published
Sep 13, 2022
Added
Sep 19, 2022
Modified
Jan 30, 2025
Description
In certain Moodle products after creating a course, it is possible to add in a arbitrary "Topic" a resource, in this case a "Database" with the type "Text" where its values "Field name" and "Field description" are vulnerable to Cross Site Scripting Stored(XSS). This affects Moodle 3.11 and Moodle 3.10.4 and Moodle 3.9.7.
Solution
moodle-upgrade-latest
References
- CVE-2021-36568
- https://attackerkb.com/topics/CVE-2021-36568
- URL-https://blog.hackingforce.com.br/en/cve-2021-36568/
- URL-https://drive.google.com/drive/folders/1_fO4BKpmD3avGYHSzvIXWs5owqVYgB1s?usp=sharing
- URL-https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ERQ3NHVOK4ZXT4MS4LBQ2ZJHTON3LIMW/
- URL-https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PRI4ETMQ4DJR3TZUOOGPBQ32RBD5LNGC/
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.