CVE-2021-36401 - Vulnerability Details

Vendors	Products
Moodle	Moodle

Link	Providers
https://moodle.org/mod/forum/discuss.php?d=424807

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2021-36401", "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "assignerShortName": "fedora", "dateUpdated": "2025-03-07T18:02:47.009Z", "dateReserved": "2021-07-12T00:00:00.000Z", "datePublished": "2023-03-06T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "shortName": "fedora", "dateUpdated": "2023-03-06T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "In Moodle, ID numbers exported in HTML data formats required additional sanitizing to prevent a local stored XSS risk."}], "affected": [{"vendor": "n/a", "product": "Moodle", "versions": [{"version": "3.11, 3.10 to 3.10.4, 3.9 to 3.9.7 and earlier unsupported versions", "status": "affected"}]}], "references": [{"url": "https://moodle.org/mod/forum/discuss.php?d=424807"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-79", "cweId": "CWE-79"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T00:54:51.588Z"}, "title": "CVE Program Container", "references": [{"url": "https://moodle.org/mod/forum/discuss.php?d=424807", "tags": ["x_transferred"]}]}, {"metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-03-07T18:02:05.507600Z", "id": "CVE-2021-36401", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-07T18:02:47.009Z"}}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

state : PUBLISHED (string)

cveId : CVE-2021-36401 (string)

assignerOrgId : 92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5 (string)

assignerShortName : fedora (string)

dateUpdated : 2025-03-07T18:02:47.009Z (string)

dateReserved : 2021-07-12T00:00:00.000Z (string)

datePublished : 2023-03-06T00:00:00.000Z (string)

}

containers : { »

cna : { »

providerMetadata : { »

orgId : 92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5 (string)

shortName : fedora (string)

dateUpdated : 2023-03-06T00:00:00.000Z (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : In Moodle, ID numbers exported in HTML data formats required additional sanitizing to prevent a local stored XSS risk. (string)

}

]

affected : [ »

0 : { »

vendor : n/a (string)

product : Moodle (string)

versions : [ »

0 : { »

version : 3.11, 3.10 to 3.10.4, 3.9 to 3.9.7 and earlier unsupported versions (string)

status : affected (string)

}

]

}

]

references : [ »

0 : { »

url : https://moodle.org/mod/forum/discuss.php?d=424807 (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

type : CWE (string)

lang : en (string)

description : CWE-79 (string)

cweId : CWE-79 (string)

}

]

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-04T00:54:51.588Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://moodle.org/mod/forum/discuss.php?d=424807 (string)

tags : [ »

0 : x_transferred (string)

]

}

]

}

1 : { »

metrics : [ »

0 : { »

cvssV3_1 : { »

scope : CHANGED (string)

version : 3.1 (string)

baseScore : 4.8 (number)

attackVector : ADJACENT_NETWORK (string)

baseSeverity : MEDIUM (string)

vectorString : CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N (string)

integrityImpact : LOW (string)

userInteraction : REQUIRED (string)

attackComplexity : LOW (string)

availabilityImpact : NONE (string)

privilegesRequired : LOW (string)

confidentialityImpact : LOW (string)

}

1 : { »

other : { »

type : ssvc (string)

content : { »

timestamp : 2025-03-07T18:02:05.507600Z (string)

id : CVE-2021-36401 (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

role : CISA Coordinator (string)

version : 2.0.3 (string)

}

]

title : CISA ADP Vulnrichment (string)

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2025-03-07T18:02:47.009Z (string)

}

]

}

Show plain JSON

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://moodle.org/mod/forum/discuss.php?d=424807", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T00:54:51.588Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2021-36401", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-07T18:02:05.507600Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-07T18:02:30.260Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "Moodle", "versions": [{"status": "affected", "version": "3.11, 3.10 to 3.10.4, 3.9 to 3.9.7 and earlier unsupported versions"}]}], "references": [{"url": "https://moodle.org/mod/forum/discuss.php?d=424807"}], "descriptions": [{"lang": "en", "value": "In Moodle, ID numbers exported in HTML data formats required additional sanitizing to prevent a local stored XSS risk."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79"}]}], "providerMetadata": {"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "shortName": "fedora", "dateUpdated": "2023-03-06T00:00:00.000Z"}}}, "cveMetadata": {"cveId": "CVE-2021-36401", "state": "PUBLISHED", "dateUpdated": "2025-03-07T18:02:47.009Z", "dateReserved": "2021-07-12T00:00:00.000Z", "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "datePublished": "2023-03-06T00:00:00.000Z", "assignerShortName": "fedora"}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

containers : { »

adp : [ »

0 : { »

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://moodle.org/mod/forum/discuss.php?d=424807 (string)

tags : [ »

0 : x_transferred (string)

]

}

]

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-04T00:54:51.588Z (string)

}

1 : { »

title : CISA ADP Vulnrichment (string)

metrics : [ »

0 : { »

cvssV3_1 : { »

scope : CHANGED (string)

version : 3.1 (string)

baseScore : 4.8 (number)

attackVector : ADJACENT_NETWORK (string)

baseSeverity : MEDIUM (string)

vectorString : CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N (string)

integrityImpact : LOW (string)

userInteraction : REQUIRED (string)

attackComplexity : LOW (string)

availabilityImpact : NONE (string)

privilegesRequired : LOW (string)

confidentialityImpact : LOW (string)

}

1 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2021-36401 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

version : 2.0.3 (string)

timestamp : 2025-03-07T18:02:05.507600Z (string)

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2025-03-07T18:02:30.260Z (string)

}

]

cna : { »

affected : [ »

0 : { »

vendor : n/a (string)

product : Moodle (string)

versions : [ »

0 : { »

status : affected (string)

version : 3.11, 3.10 to 3.10.4, 3.9 to 3.9.7 and earlier unsupported versions (string)

}

]

}

]

references : [ »

0 : { »

url : https://moodle.org/mod/forum/discuss.php?d=424807 (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : In Moodle, ID numbers exported in HTML data formats required additional sanitizing to prevent a local stored XSS risk. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

lang : en (string)

type : CWE (string)

cweId : CWE-79 (string)

description : CWE-79 (string)

}

]

}

]

providerMetadata : { »

orgId : 92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5 (string)

shortName : fedora (string)

dateUpdated : 2023-03-06T00:00:00.000Z (string)

}

cveMetadata : { »

cveId : CVE-2021-36401 (string)

state : PUBLISHED (string)

dateUpdated : 2025-03-07T18:02:47.009Z (string)

dateReserved : 2021-07-12T00:00:00.000Z (string)

assignerOrgId : 92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5 (string)

datePublished : 2023-03-06T00:00:00.000Z (string)

assignerShortName : fedora (string)

}

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "matchCriteriaId": "6ED9E7B8-EAD3-4BE3-BC62-E2B9926EE426", "versionEndExcluding": "3.9.8", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "matchCriteriaId": "5F564F50-7DC5-4243-897A-D9334AC7B1BE", "versionEndExcluding": "3.10.5", "versionStartIncluding": "3.10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "matchCriteriaId": "F54C5456-58D7-4042-96FA-BD88C9B88EB0", "versionEndExcluding": "3.11.1", "versionStartIncluding": "3.11.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Moodle, ID numbers exported in HTML data formats required additional sanitizing to prevent a local stored XSS risk."}], "id": "CVE-2021-36401", "lastModified": "2025-03-07T18:15:35.090", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2023-03-06T22:15:09.620", "references": [{"source": "patrick@puiterwijk.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://moodle.org/mod/forum/discuss.php?d=424807"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://moodle.org/mod/forum/discuss.php?d=424807"}], "sourceIdentifier": "patrick@puiterwijk.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "patrick@puiterwijk.org", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 6ED9E7B8-EAD3-4BE3-BC62-E2B9926EE426 (string)

versionEndExcluding : 3.9.8 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 5F564F50-7DC5-4243-897A-D9334AC7B1BE (string)

versionEndExcluding : 3.10.5 (string)

versionStartIncluding : 3.10.0 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:* (string)

matchCriteriaId : F54C5456-58D7-4042-96FA-BD88C9B88EB0 (string)

versionEndExcluding : 3.11.1 (string)

versionStartIncluding : 3.11.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : In Moodle, ID numbers exported in HTML data formats required additional sanitizing to prevent a local stored XSS risk. (string)

}

]

id : CVE-2021-36401 (string)

lastModified : 2025-03-07T18:15:35.090 (string)

metrics : { »

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : ADJACENT_NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 4.8 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : LOW (string)

integrityImpact : LOW (string)

privilegesRequired : LOW (string)

scope : CHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 1.7 (number)

impactScore : 2.7 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

1 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : ADJACENT_NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 4.8 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : LOW (string)

integrityImpact : LOW (string)

privilegesRequired : LOW (string)

scope : CHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 1.7 (number)

impactScore : 2.7 (number)

source : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

type : Secondary (string)

}

]

}

published : 2023-03-06T22:15:09.620 (string)

references : [ »

0 : { »

source : patrick@puiterwijk.org (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : https://moodle.org/mod/forum/discuss.php?d=424807 (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : https://moodle.org/mod/forum/discuss.php?d=424807 (string)

}

]

sourceIdentifier : patrick@puiterwijk.org (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-79 (string)

}

]

source : patrick@puiterwijk.org (string)

type : Secondary (string)

}

1 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-79 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object