First published: Mon Mar 06 2023
In Moodle, ID numbers displayed in the web service token list required additional sanitizing to prevent a stored XSS risk.
Credit: patrick@puiterwijk.org
Affected Software | Affected Version | How to fix |
---|---|---|
Moodle Moodle | =3.11.0 |
The vulnerability ID for this Moodle vulnerability is CVE-2021-36398.
The severity of CVE-2021-36398 is medium with a CVSS score of 5.4.
CVE-2021-36398 is a vulnerability in Moodle where ID numbers displayed in the web service token list required additional sanitizing to prevent a stored XSS risk.
Moodle version 3.11.0 is affected by CVE-2021-36398.
Yes, a fix is available for CVE-2021-36398. It is recommended to update to the latest version of Moodle to mitigate the vulnerability.