Moodle: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CVE-2021-36401)

Moodle: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CVE-2021-36401)

Severity

4

CVSS

(AV:A/AC:M/Au:S/C:P/I:P/A:N)

Published

03/06/2023

Created

03/15/2023

Added

03/15/2023

Modified

01/28/2025

Description

In Moodle, ID numbers exported in HTML data formats required additional sanitizing to prevent a local stored XSS risk.

Solution(s)

• moodle-upgrade-3_10_5
• moodle-upgrade-3_11_1
• moodle-upgrade-3_9_8

References

• https://attackerkb.com/topics/cve-2021-36401
• CVE - 2021-36401
• https://moodle.org/mod/forum/discuss.php?d=424807