Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Moodle Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2021-36400)

Description

In Moodle, insufficient capability checks made it possible to remove other users' calendar URL subscriptions.

Remediation

References

Related Vulnerabilities

Django Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-2317)

WordPress Plugin Registration Forms-User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction Cross-Site Scripting (3.0.17)

SharePoint Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-0145)

Apache HTTP Server Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2003-0542)

WordPress Plugin FAQ Multiple Cross-Site Scripting Vulnerabilities (1.0.14)

Severity

Medium

Classification

CVE-2021-36400 CWE-639 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities