PT-2026-3809 · Moodle+1

Published: 2021-03-25 · Updated: 2026-03-06 · CVE-2021-47857

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Moodle versions prior to 3.10.4

Description

A security issue exists in Moodle related to insufficient protection of the web page structure within the calendar event subtitle field. Successful exploitation of this issue could allow a remote attacker to conduct cross-site scripting (XSS) attacks. Specifically, an attacker can create a calendar event with malicious JavaScript code embedded in the subtitle track label. When users view the event, this malicious code will execute, potentially allowing the attacker to execute arbitrary code.

Recommendations

Update to Moodle version 3.10.4 or later.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2026-00978
BIT-MOODLE-2021-47857
CVE-2021-47857

Affected Products

Moodle
Red Os