CVE-2021-36568 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2021-36568

CVE-2021-36568

September 13, 2022

In certain Moodle products after creating a course, it is possible to add in a arbitrary "Topic" a resource, in this case a "Database" with the type "Text" where its values "Field name" and "Field description" are vulnerable to Cross Site Scripting Stored(XSS). This affects Moodle 3.11 and Moodle 3.10.4 and Moodle 3.9.7.

Related Resources (10)

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PRI4ETMQ4DJR3TZUOOGPBQ32RBD5LNGC/

https://blog.hackingforce.com.br/en/cve-2021-36568/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ERQ3NHVOK4ZXT4MS4LBQ2ZJHTON3LIMW

https://drive.google.com/drive/folders/1_fO4BKpmD3avGYHSzvIXWs5owqVYgB1s?usp=sharing

https://nvd.nist.gov/vuln/detail/CVE-2021-36568

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ERQ3NHVOK4ZXT4MS4LBQ2ZJHTON3LIMW/

https://bugzilla.redhat.com/show_bug.cgi?id=2126857

https://blog.hackingforce.com.br/en/cve-2021-36568

https://github.com/moodle/moodle

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PRI4ETMQ4DJR3TZUOOGPBQ32RBD5LNGC

Do you need more information?