CVE-2021-36568 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2021-36568

CVE-2021-36568

Published:September 13, 2022

Updated:April 21, 2026

In certain Moodle products after creating a course, it is possible to add in a arbitrary "Topic" a resource, in this case a "Database" with the type "Text" where its values "Field name" and "Field description" are vulnerable to Cross Site Scripting Stored(XSS). This affects Moodle 3.11 and Moodle 3.10.4 and Moodle 3.9.7.

Related Resources (10)

https://bugzilla.redhat.com/show_bug.cgi?id=2126857

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PRI4ETMQ4DJR3TZUOOGPBQ32RBD5LNGC

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ERQ3NHVOK4ZXT4MS4LBQ2ZJHTON3LIMW/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PRI4ETMQ4DJR3TZUOOGPBQ32RBD5LNGC/

https://github.com/moodle/moodle

https://blog.hackingforce.com.br/en/cve-2021-36568

https://nvd.nist.gov/vuln/detail/CVE-2021-36568

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ERQ3NHVOK4ZXT4MS4LBQ2ZJHTON3LIMW

https://drive.google.com/drive/folders/1_fO4BKpmD3avGYHSzvIXWs5owqVYgB1s?usp=sharing

https://blog.hackingforce.com.br/en/cve-2021-36568/

Do you need more information?