CVE-2021-36568

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-36568

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-36568.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-36568

Aliases

Downstream

UBUNTU-CVE-2021-36568

Published

2022-09-13T22:15:08.793Z

Modified

2026-04-11T12:36:44.621772Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

In certain Moodle products after creating a course, it is possible to add in a arbitrary "Topic" a resource, in this case a "Database" with the type "Text" where its values "Field name" and "Field description" are vulnerable to Cross Site Scripting Stored(XSS). This affects Moodle 3.11 and Moodle 3.10.4 and Moodle 3.9.7.

Database specific

{
    "unresolved_ranges": [
        {
            "cpe": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "35"
                }
            ]
        },
        {
            "cpe": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "36"
                }
            ]
        }
    ]
}

References

Affected packages

Git / github.com/moodle/moodle

Affected ranges

Type

GIT

Repo

https://github.com/moodle/moodle

Events

Introduced

Last affected

270f52bf55acaf121cbae6643a8fa6545d545c3f

Last affected

237f4ccada7c8ba85ac9391193293491d8953018

Last affected

94f2d3fc4b974c5c7d500988c56b7ca15f58d7ec

Database specific

{
    "cpe": [
        "cpe:2.3:a:moodle:moodle:3.9.7:*:*:*:*:*:*:*",
        "cpe:2.3:a:moodle:moodle:3.10.4:*:*:*:*:*:*:*",
        "cpe:2.3:a:moodle:moodle:3.11.0:*:*:*:*:*:*:*"
    ],
    "source": "CPE_FIELD",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.9.7"
        },
        {
            "last_affected": "3.10.4"
        },
        {
            "last_affected": "3.11.0"
        }
    ]
}

Affected versions

v1.*

v1.0.0

v1.0.1

v1.0.2

v1.0.3

v1.0.4

v1.0.5

v1.0.6

v1.0.7

v1.0.8

v1.0.9

v1.1.0

v1.1.1

v1.2.0

v1.2.1

v1.3.0

v2.*

v2.0.0

v2.0.0-rc1

v2.0.0-rc2

v2.0.1

v2.1.0

v2.2.0

v2.2.0-beta

v2.2.0-rc1

v2.3.0

v2.3.0-beta

v2.3.0-rc1

v2.4.0

v2.4.0-beta

v2.4.0-rc1

v2.5.0

v2.5.0-beta

v2.5.0-rc1

v2.6.0

v2.6.0-beta

v2.6.0-rc1

v2.7.0

v2.7.0-beta

v2.7.0-rc1

v2.7.0-rc2

v2.8.0

v2.8.0-beta

v2.8.0-rc1

v2.8.0-rc2

v2.9.0

v2.9.0-beta

v2.9.0-rc1

v2.9.0-rc2

v3.*

v3.0.0

v3.0.0-beta

v3.0.0-rc1

v3.0.0-rc2

v3.0.0-rc3

v3.0.0-rc4

v3.1.0

v3.1.0-beta

v3.1.0-rc1

v3.1.0-rc2

v3.10.0

v3.10.0-beta

v3.10.0-rc1

v3.10.0-rc2

v3.10.1

v3.10.2

v3.10.3

v3.10.4

v3.11.0

v3.11.0-beta

v3.11.0-rc1

v3.11.0-rc2

v3.2.0

v3.2.0-beta

v3.2.0-rc1

v3.2.0-rc2

v3.2.0-rc3

v3.2.0-rc4

v3.2.0-rc5

v3.3.0

v3.3.0-beta

v3.3.0-rc1

v3.3.0-rc2

v3.3.0-rc3

v3.4.0

v3.4.0-beta

v3.4.0-rc1

v3.4.0-rc2

v3.4.0-rc3

v3.5.0

v3.5.0-beta

v3.5.0-rc1

v3.6.0

v3.6.0-beta

v3.6.0-rc1

v3.6.0-rc2

v3.6.0-rc3

v3.7.0

v3.7.0-beta

v3.7.0-rc1

v3.7.0-rc2

v3.8.0

v3.8.0-beta

v3.8.0-rc1

v3.9.0

v3.9.0-beta

v3.9.0-rc1

v3.9.0-rc2

v3.9.0-rc3

v3.9.1

v3.9.2

v3.9.3

v3.9.4

v3.9.5

v3.9.6

v3.9.7

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-36568.json"