CVE-2021-36402: Input Validation
First published: Mon Mar 06 2023(Updated: )
In Moodle, Users' names required additional sanitizing in the account confirmation email, to prevent a self-registration phishing risk.
Credit: patrick@puiterwijk.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Moodle Moodle | <3.9.8 | |
| Moodle Moodle | >=3.10.0<3.10.5 | |
| Moodle Moodle | >=3.11.0<3.11.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Moodle vulnerability?
The vulnerability ID for this Moodle vulnerability is CVE-2021-36402.
What is the severity of CVE-2021-36402?
The severity of CVE-2021-36402 is medium.
How does CVE-2021-36402 affect Moodle?
CVE-2021-36402 affects Moodle by requiring additional sanitizing of users' names in the account confirmation email to prevent a self-registration phishing risk.
Which versions of Moodle are affected by CVE-2021-36402?
CVE-2021-36402 affects Moodle versions up to 3.9.8, versions 3.10.0 to 3.10.5, and versions 3.11.0 to 3.11.1.
How can I fix CVE-2021-36402?
To fix CVE-2021-36402, you should update your Moodle installation to versions 3.9.9, 3.10.6, or 3.11.2, which include the necessary sanitization of users' names in the account confirmation email.
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/tags
- agent/event
- agent/type
- agent/description
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/moodle
- canonical/moodle moodle
- version/moodle moodle/3.10.0
- version/moodle moodle/3.11.0