vulnerability
Moodle: Stored XSS in the web service token list via user ID number (CVE-2021-36398)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:M/Au:S/C:P/I:P/A:N) | Mar 6, 2023 | Mar 17, 2023 | Jan 28, 2025 |
Severity
5
CVSS
(AV:N/AC:M/Au:S/C:P/I:P/A:N)
Published
Mar 6, 2023
Added
Mar 17, 2023
Modified
Jan 28, 2025
Description
In moodle, ID numbers displayed in the web service token list required additional sanitizing to prevent a stored XSS risk.
Solution
moodle-upgrade-3_11_1
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.