PT-2021-3115 · Moodle+1 · Moodle+1
Paul Holden
·
Published
2021-05-10
·
Updated
2024-03-06
·
CVE-2021-32475
CVSS v2.0
6.4
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Moodle versions 3.5 to 3.5.17
Moodle versions 3.8 to 3.8.8
Moodle versions 3.9 to 3.9.6
Moodle versions 3.10 to 3.10.3
Description
The issue is related to the quiz grading report in Moodle, where ID numbers required additional sanitizing to prevent a stored XSS risk. This could allow a remote attacker to execute arbitrary HTML and script code in the user's browser within the context of the vulnerable website.
Recommendations
For Moodle versions 3.5 to 3.5.17, update to a version that includes the necessary sanitizing to prevent the stored XSS risk.
For Moodle versions 3.8 to 3.8.8, update to a version that includes the necessary sanitizing to prevent the stored XSS risk.
For Moodle versions 3.9 to 3.9.6, update to a version that includes the necessary sanitizing to prevent the stored XSS risk.
For Moodle versions 3.10 to 3.10.3, update to a version that includes the necessary sanitizing to prevent the stored XSS risk.
Fix
OS Command Injection
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Alt Linux
Moodle