Description

In certain Moodle products after creating a course, it is possible to add in a arbitrary "Topic" a resource, in this case a "Database" with the type "Text" where its values "Field name" and "Field description" are vulnerable to Cross Site Scripting Stored(XSS). This affects Moodle 3.11 and Moodle 3.10.4 and Moodle 3.9.7.

Remediation

References

CVE-2021-36568

Related Vulnerabilities

WordPress Plugin Facebook Page Photo Gallery Cross-Site Scripting (2.0.9)

MySQL CVE-2018-2846 Vulnerability (CVE-2018-2846)

Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-0594)

WordPress Plugin WordPress OpenID Connect Client Cross-Site Scripting (2.1.4)

WordPress Plugin weForms-Easy Drag & Drop Contact Form Builder For WordPress CSV Injection (1.4.7)

Severity

Medium

Classification

CVE-2021-36568 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities