CVE-2021-43558

A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A URL parameter in the filetype site administrator tool required extra sanitizing to prevent a reflected XSS risk.
References
Link Resource
https://bugzilla.redhat.com/show_bug.cgi?id=2021515 Issue Tracking Third Party Advisory
https://moodle.org/mod/forum/discuss.php?d=429097 Patch Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

History

14 Jun 2022, 14:38

Type Values Removed Values Added
First Time Fedoraproject extra Packages For Enterprise Linux
CPE cpe:2.3:a:fedoraproject:fedora_extra_packages_for_enterprise_linux:7.0:*:*:*:*:*:*:* cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:7.0:*:*:*:*:*:*:*

26 Nov 2021, 20:50

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : 4.3
v3 : 6.1
CPE cpe:2.3:a:fedoraproject:fedora_extra_packages_for_enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
References (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2021515 - (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2021515 - Issue Tracking, Third Party Advisory
References (MISC) https://moodle.org/mod/forum/discuss.php?d=429097 - (MISC) https://moodle.org/mod/forum/discuss.php?d=429097 - Patch, Vendor Advisory
CWE CWE-79

22 Nov 2021, 16:36

Type Values Removed Values Added
New CVE

Information

Published : 2021-11-22 16:15

Updated : 2023-12-10 14:09


NVD link : CVE-2021-43558

Mitre link : CVE-2021-43558

CVE.ORG link : CVE-2021-43558


JSON object : View

Products Affected

fedoraproject

  • fedora
  • extra_packages_for_enterprise_linux

moodle

  • moodle
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')