CVE-2021-43558

A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A URL parameter in the filetype site administrator tool required extra sanitizing to prevent a reflected XSS risk.
References
Link Resource
https://bugzilla.redhat.com/show_bug.cgi?id=2021515 Issue Tracking Third Party Advisory
https://moodle.org/mod/forum/discuss.php?d=429097 Patch Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-11-22 16:15

Updated : 2024-02-28 18:48


NVD link : CVE-2021-43558

Mitre link : CVE-2021-43558

CVE.ORG link : CVE-2021-43558


JSON object : View

Products Affected

fedoraproject

  • fedora
  • extra_packages_for_enterprise_linux

moodle

  • moodle
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')