Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-36398)

Description

In moodle, ID numbers displayed in the web service token list required additional sanitizing to prevent a stored XSS risk.

Remediation

References

Related Vulnerabilities

Apache HTTP Server CVE-2024-38476 Vulnerability (CVE-2024-38476)

Opencart Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2024-36694)

WordPress 4.6.x Multiple Vulnerabilities (4.6 - 4.6.23)

Tornado Observable Differences in Behavior to Error Inputs Vulnerability (CVE-2014-9720)

WordPress Plugin Registration Forms-User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction Cross-Site Scripting (3.0.15)

Severity

Medium

Classification

CVE-2021-36398 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities