CVE-2021-36568

In certain Moodle products after creating a course, it is possible to add in a arbitrary "Topic" a resource, in this case a "Database" with the type "Text" where its values "Field name" and "Field description" are vulnerable to Cross Site Scripting Stored(XSS). This affects Moodle 3.11 and Moodle 3.10.4 and Moodle 3.9.7.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:moodle:moodle:3.9.7:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.10.4:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.11.0:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*

History

07 Nov 2023, 03:36

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PRI4ETMQ4DJR3TZUOOGPBQ32RBD5LNGC/', 'name': 'FEDORA-2022-1c77803b43', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ERQ3NHVOK4ZXT4MS4LBQ2ZJHTON3LIMW/', 'name': 'FEDORA-2022-50c091d963', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ERQ3NHVOK4ZXT4MS4LBQ2ZJHTON3LIMW/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PRI4ETMQ4DJR3TZUOOGPBQ32RBD5LNGC/ -

30 Sep 2022, 19:15

Type Values Removed Values Added
First Time Fedoraproject
Fedoraproject fedora
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ERQ3NHVOK4ZXT4MS4LBQ2ZJHTON3LIMW/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ERQ3NHVOK4ZXT4MS4LBQ2ZJHTON3LIMW/ - Mailing List, Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PRI4ETMQ4DJR3TZUOOGPBQ32RBD5LNGC/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PRI4ETMQ4DJR3TZUOOGPBQ32RBD5LNGC/ - Mailing List, Third Party Advisory
CPE cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

21 Sep 2022, 03:15

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ERQ3NHVOK4ZXT4MS4LBQ2ZJHTON3LIMW/ -
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PRI4ETMQ4DJR3TZUOOGPBQ32RBD5LNGC/ -

18 Sep 2022, 01:07

Type Values Removed Values Added
CPE cpe:2.3:a:moodle:moodle:3.10.4:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.11.0:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.9.7:*:*:*:*:*:*:*
CWE CWE-79
First Time Moodle moodle
Moodle
References (MISC) https://blog.hackingforce.com.br/en/cve-2021-36568/ - (MISC) https://blog.hackingforce.com.br/en/cve-2021-36568/ - Exploit, Third Party Advisory
References (MISC) https://drive.google.com/drive/folders/1_fO4BKpmD3avGYHSzvIXWs5owqVYgB1s?usp=sharing - (MISC) https://drive.google.com/drive/folders/1_fO4BKpmD3avGYHSzvIXWs5owqVYgB1s?usp=sharing - Broken Link, Third Party Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.4

13 Sep 2022, 22:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-09-13 22:15

Updated : 2023-12-10 14:35


NVD link : CVE-2021-36568

Mitre link : CVE-2021-36568

CVE.ORG link : CVE-2021-36568


JSON object : View

Products Affected

fedoraproject

  • fedora

moodle

  • moodle
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')