Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Moodle Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2021-36568 - Vulnerability Database
Moodle

Moodle Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2021-36568

Medium
Reference: CVE-2021-36568
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2021-36568
Title: Moodle Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

In certain Moodle products after creating a course it is possible to add in a arbitrary quotTopicquot a resource in this case a quotDatabasequot with the type quotTextquot where its values quotField namequot and quotField descriptionquot are vulnerable to Cross Site Scripting Stored(XSS). This affects Moodle 3.11 and Moodle 3.10.4 and Moodle 3.9.7.