CVE-2021-36568

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in packagist/moodle/moodle

Identifiers

CVE-2021-36568

Package Slug

packagist/moodle/moodle

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

In certain Moodle products, after creating a course it is possible to add a resource to an arbitrary "Topic", in this case a "Database" with the type "Text", whose "Field name" and "Field description" values are vulnerable to stored cross-site scripting (XSS). This affects Moodle 3.11, Moodle 3.10.4 and Moodle 3.9.7.

Affected Versions

Version 3.9.7, version 3.10.4, version 3.11.0

Solution

Upgrade to versions 3.9.8, 3.10.5, 3.11.1 or above.

Last Modified

2022-09-19
