CVE-2021-36568

MEDIUM5.4EPSS 0.43%

Moodle Cross-site Scripting vulnerability

發布日:2022/9/14修改日:2024/2/16

也稱為:GHSA-fm6m-fg23-67jqBIT-moodle-2021-36568

描述

In certain Moodle products after creating a course, it is possible to add in a arbitrary "Topic" a resource, in this case a "Database" with the type "Text" where its values "Field name" and "Field description" are vulnerable to Cross Site Scripting Stored(XSS). This affects Moodle 3.11.x prior to 3.11.10, Moodle 3.10.4, and Moodle 3.9.7.

受影響套件(2)

Bitnami/moodle>= 3.9.7, < 3.9.8, >= 3.10.4, < 3.10.5, >= 3.11.0, < 3.11.1
Packagist/moodle/moodlefrom 0, <= 3.9.7

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

參考連結(10)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2021-36568
PATCHhttps://github.com/moodle/moodle
WEBhttps://blog.hackingforce.com.br/en/cve-2021-36568
WEBhttps://blog.hackingforce.com.br/en/cve-2021-36568/
WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=2126857
WEBhttps://drive.google.com/drive/folders/1_fO4BKpmD3avGYHSzvIXWs5owqVYgB1s?usp=sharing
WEBhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ERQ3NHVOK4ZXT4MS4LBQ2ZJHTON3LIMW/
WEBhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PRI4ETMQ4DJR3TZUOOGPBQ32RBD5LNGC/
WEBhttps://lists.fedoraproject.org/archives/list/[email protected]/message/ERQ3NHVOK4ZXT4MS4LBQ2ZJHTON3LIMW
WEBhttps://lists.fedoraproject.org/archives/list/[email protected]/message/PRI4ETMQ4DJR3TZUOOGPBQ32RBD5LNGC