PT-2021-5356 · Moodle

Reported by: Starlabs_Sg · Published: 2021-11-10 · Updated: 2024-03-06 · CVE-2021-43558

CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions

Moodle versions 3.11 to 3.11.3
Moodle versions 3.10 to 3.10.7
Moodle versions 3.9 to 3.9.10
Moodle earlier unsupported versions
Description

A flaw was found in the filetype site administrator tool, where a URL parameter required extra sanitizing to prevent a reflected XSS risk. The parameter value was reflected into the generated page without sufficient neutralization, which could allow a remote attacker to perform cross-site scripting attacks.
Recommendations

For Moodle versions 3.11 to 3.11.3, 3.10 to 3.10.7, and 3.9 to 3.9.10, update to a version that includes the necessary sanitizing for the URL parameter in the filetype site administrator tool. For Moodle earlier unsupported versions, upgrade to a supported version that includes the necessary security fixes.

Tags: Fix · XSS

Weakness Enumeration

Related Identifiers

ALT-PU-2021-3258
ALT-PU-2021-3335
ALT-PU-2022-1641
BDU:2021-06186
BIT-MOODLE-2021-43558
CVE-2021-43558
GHSA-WPFP-Q843-V772

Affected Products

Alt Linux
Moodle