CVE-2021-36568: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
In certain Moodle products, after creating a course it is possible to add a resource to an arbitrary “Topic”, in this case a “Database” with a field of type “Text”, whose “Field name” and “Field description” values are vulnerable to stored cross-site scripting (XSS). This affects Moodle 3.11, Moodle 3.10.4 and Moodle 3.9.7.
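The PHP below is an added illustration, not Moodle's code or its patch. It shows the stored-XSS pattern described above: a saved "Field name" and "Field description" rendered with and without output encoding, plus a check that flags stored values containing markup. The array shape, the function names and the sample values are hypothetical and constructed for this example.

```php
<?php
declare(strict_types=1);

// Constructed sample: two "Text" field definitions as they might have been saved.
// The array shape is hypothetical and is not Moodle's schema.
$fields = [
    ['type' => 'text', 'name' => 'Title', 'description' => 'Short title of the entry'],
    ['type' => 'text', 'name' => '<script>alert(1)</script>', 'description' => 'Author & "editor"'],
];

/** Vulnerable pattern: stored values are concatenated into HTML unchanged. */
function render_field_row_unsafe(array $field): string
{
    return '<tr><td>' . $field['name'] . '</td><td>' . $field['description'] . '</td></tr>';
}

/** Encode a value for an HTML text or attribute context at output time. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Hardened pattern: every stored value is encoded where it enters the page. */
function render_field_row_safe(array $field): string
{
    return '<tr><td>' . h($field['name']) . '</td><td>' . h($field['description']) . '</td></tr>';
}

/** Audit helper: list fields whose stored name or description contains tag-like text. */
function fields_with_markup(array $fields): array
{
    $flagged = [];
    foreach ($fields as $i => $field) {
        foreach (['name', 'description'] as $key) {
            // strip_tags() removes HTML/PHP tags, so a difference means markup is present.
            if (strip_tags($field[$key]) !== $field[$key]) {
                $flagged[] = ['index' => $i, 'key' => $key, 'value' => $field[$key]];
            }
        }
    }
    return $flagged;
}

foreach ($fields as $field) {
    echo "unsafe: ", render_field_row_unsafe($field), PHP_EOL;
    echo "safe:   ", render_field_row_safe($field), PHP_EOL;
}
foreach (fields_with_markup($fields) as $hit) {
    echo "review field #{$hit['index']} {$hit['key']}: ", h($hit['value']), PHP_EOL;
}
```

The second field's description contains `&` and quotes but no tags, so it is encoded on output without being flagged; only the field name with the script element is reported for review.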