{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-10T16:12:13.466","vulnerabilities":[{"cve":{"id":"CVE-2021-36568","sourceIdentifier":"cve@mitre.org","published":"2022-09-13T22:15:08.793","lastModified":"2024-11-21T06:13:50.130","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In certain Moodle products after creating a course, it is possible to add in a arbitrary \"Topic\" a resource, in this case a \"Database\" with the type \"Text\" where its values \"Field name\" and \"Field description\" are vulnerable to Cross Site Scripting Stored(XSS). This affects Moodle 3.11 and Moodle 3.10.4 and Moodle 3.9.7."},{"lang":"es","value":"En determinados productos Moodle después de crear un curso, es posible añadir en un \"Topic\" arbitrario un recurso, en este caso una \"Database\" con el tipo \"Text\" donde sus valores \"Field name\" y \"Field description\" son vulnerables a un ataque de tipo Cross Site Scripting (XSS) Almacenado. Esto afecta a Moodle versión 3.11 y Moodle versión 3.10.4 y Moodle versión 3.9.7"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.9.7:*:*:*:*:*:*:*","matchCriteriaId":"D070C801-5A4A-4E1E-B3FA-CC59046E9524"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.10.4:*:*:*:*:*:*:*","matchCriteriaId":"2E9DDD5A-B05D-4DF2-817F-24C7F9FE7797"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.11.0:*:*:*:*:*:*:*","matchCriteriaId":"9117F56C-AAE4-4499-B702-2AEE25424D4C"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*","matchCriteriaId":"80E516C0-98A4-4ADE-B69F-66A772E2BAAA"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*","matchCriteriaId":"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"}]}]}],"references":[{"url":"https://blog.hackingforce.com.br/en/cve-2021-36568/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://drive.google.com/drive/folders/1_fO4BKpmD3avGYHSzvIXWs5owqVYgB1s?usp=sharing","source":"cve@mitre.org","tags":["Broken Link","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ERQ3NHVOK4ZXT4MS4LBQ2ZJHTON3LIMW/","source":"cve@mitre.org"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PRI4ETMQ4DJR3TZUOOGPBQ32RBD5LNGC/","source":"cve@mitre.org"},{"url":"https://blog.hackingforce.com.br/en/cve-2021-36568/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://drive.google.com/drive/folders/1_fO4BKpmD3avGYHSzvIXWs5owqVYgB1s?usp=sharing","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ERQ3NHVOK4ZXT4MS4LBQ2ZJHTON3LIMW/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PRI4ETMQ4DJR3TZUOOGPBQ32RBD5LNGC/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}