In certain Moodle products after creating a course, it is possible to add in a arbitrary "Topic" a resource, in this case a "Database" with the type "Text" where its values "Field name" and "Field description" are vulnerable to Cross Site Scripting Stored(XSS). This affects Moodle 3.11 and Moodle 3.10.4 and Moodle 3.9.7.
References
Configurations
History
07 Nov 2023, 03:36
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
30 Sep 2022, 19:15
Type | Values Removed | Values Added |
---|---|---|
First Time |
Fedoraproject
Fedoraproject fedora |
|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ERQ3NHVOK4ZXT4MS4LBQ2ZJHTON3LIMW/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PRI4ETMQ4DJR3TZUOOGPBQ32RBD5LNGC/ - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* |
21 Sep 2022, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
18 Sep 2022, 01:07
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:moodle:moodle:3.10.4:*:*:*:*:*:*:* cpe:2.3:a:moodle:moodle:3.11.0:*:*:*:*:*:*:* cpe:2.3:a:moodle:moodle:3.9.7:*:*:*:*:*:*:* |
|
CWE | CWE-79 | |
First Time |
Moodle moodle
Moodle |
|
References | (MISC) https://blog.hackingforce.com.br/en/cve-2021-36568/ - Exploit, Third Party Advisory | |
References | (MISC) https://drive.google.com/drive/folders/1_fO4BKpmD3avGYHSzvIXWs5owqVYgB1s?usp=sharing - Broken Link, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
13 Sep 2022, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-09-13 22:15
Updated : 2023-12-10 14:35
NVD link : CVE-2021-36568
Mitre link : CVE-2021-36568
CVE.ORG link : CVE-2021-36568
JSON object : View
Products Affected
fedoraproject
- fedora
moodle
- moodle
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')