The vulnerability of the virtual learning environment Moodle, related to the lack of protection for the website structure, allows a hacker to execute arbitrary HTML code and script code in the user’s browser within the context of the vulnerable website.

🗓️ 01 Jun 2021 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 4 Views

Moodle vulnerability from unprotected page structure enables HTML and script execution in users' browsers.

Reporter	Title	Published	Views	Family All 99
Circl	CVE-2021-32475	11 Mar 202220:15	–	circl
CNNVD	Moodle 跨站脚本漏洞	17 May 202100:00	–	cnnvd
CVE	CVE-2021-32475	11 Mar 202217:54	–	cve
Cvelist	CVE-2021-32475	11 Mar 202217:54	–	cvelist
EUVD	EUVD-2022-1331	3 Oct 202520:07	–	euvd
Github Security Blog	Moodle stored Cross-site Scripting	12 Mar 202200:00	–	github
NVD	CVE-2021-32475	11 Mar 202218:15	–	nvd
OpenVAS	Moodle < 3.5.18, 3.8.x < 3.8.9, 3.9.x < 3.9.7, 3.10.x < 3.10.4 Multiple Vulnerability	6 Jul 202100:00	–	openvas
OpenVAS	Moodle < 3.5.18, 3.8.x < 3.8.9, 3.9.x < 3.9.7, 3.10.x < 3.10.4 Multiple Vulnerabilities (MSA-21-0013, MSA-21-0014, MSA-21-0015, MSA-21-0016)	15 Mar 202200:00	–	openvas
OSV	BIT-MOODLE-2021-32475	6 Mar 202411:10	–	osv

Source	Link
moodle	www.moodle.org/mod/forum/discuss.php
cybersecurity-help	www.cybersecurity-help.cz/vdb/SB2021051707
redos	www.redos.red-soft.ru/updatesec/
web	www.web.nvd.nist.gov/view/vuln/detail

01 Jun 2021 00:00Current

7High risk

Vulners AI Score7

CVSS 26.4

CVSS 37.2

EPSS0.00569

Moodle vulnerability unprotected page structure arbitrary script execution client side scripting web browser context