CVE-2021-36568

{"id": "CVE-2021-36568", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2022-09-13T22:15:08.793", "references": [{"url": "https://blog.hackingforce.com.br/en/cve-2021-36568/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://drive.google.com/drive/folders/1_fO4BKpmD3avGYHSzvIXWs5owqVYgB1s?usp=sharing", "tags": ["Broken Link", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ERQ3NHVOK4ZXT4MS4LBQ2ZJHTON3LIMW/", "source": "cve@mitre.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PRI4ETMQ4DJR3TZUOOGPBQ32RBD5LNGC/", "source": "cve@mitre.org"}, {"url": "https://blog.hackingforce.com.br/en/cve-2021-36568/", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://drive.google.com/drive/folders/1_fO4BKpmD3avGYHSzvIXWs5owqVYgB1s?usp=sharing", "tags": ["Broken Link", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ERQ3NHVOK4ZXT4MS4LBQ2ZJHTON3LIMW/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PRI4ETMQ4DJR3TZUOOGPBQ32RBD5LNGC/", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "In certain Moodle products after creating a course, it is possible to add in a arbitrary \"Topic\" a resource, in this case a \"Database\" with the type \"Text\" where its values \"Field name\" and \"Field description\" are vulnerable to Cross Site Scripting Stored(XSS). This affects Moodle 3.11 and Moodle 3.10.4 and Moodle 3.9.7."}, {"lang": "es", "value": "En determinados productos Moodle despu\u00e9s de crear un curso, es posible a\u00f1adir en un \"Topic\" arbitrario un recurso, en este caso una \"Database\" con el tipo \"Text\" donde sus valores \"Field name\" y \"Field description\" son vulnerables a un ataque de tipo Cross Site Scripting (XSS) Almacenado. Esto afecta a Moodle versi\u00f3n 3.11 y Moodle versi\u00f3n 3.10.4 y Moodle versi\u00f3n 3.9.7"}], "lastModified": "2024-11-21T06:13:50.130", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:moodle:moodle:3.9.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D070C801-5A4A-4E1E-B3FA-CC59046E9524"}, {"criteria": "cpe:2.3:a:moodle:moodle:3.10.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2E9DDD5A-B05D-4DF2-817F-24C7F9FE7797"}, {"criteria": "cpe:2.3:a:moodle:moodle:3.11.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9117F56C-AAE4-4499-B702-2AEE25424D4C"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}