Lucene search
HistoryMar 06, 2023 - 11:15 p.m.
CVE-2021-36403
moodle
email notifications
message links
phishing risk
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.1 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
27.2%
In Moodle, in some circumstances, email notifications of messages could have the link back to the original message hidden by HTML, which may pose a phishing risk.
Affected configurations
Node
moodlemoodleRange<3.9.8
ORmoodlemoodleRange3.10.0–3.10.5
ORmoodlemoodleRange3.11.0–3.11.1
Related
osv
osv
Moodle has a Hidden Functionality vulnerability
2023-03-07 00:30:25
CVE-2021-36403
2023-03-06 23:15:10
BIT-moodle-2021-36403
2024-03-06 11:08:18
veracode
veracode
Phishing Attack
2023-03-12 14:14:50
github
github
Moodle has a Hidden Functionality vulnerability
2023-03-07 00:30:25
cvelist
cvelist
CVE-2021-36403
2023-03-06 00:00:00
cve
cve
CVE-2021-36403
2023-03-06 23:15:10
ubuntucve
ubuntucve
CVE-2021-36403
2023-03-06 00:00:00
prion
prion
Design/Logic Flaw
2023-03-06 23:15:00
openvas
openvas
Moodle < 3.9.8, 3.10.x < 3.10.5, 3.11.x < 3.11.1 Multiple Vulnerabilities
2023-03-07 00:00:00
nessus
nessus
Moodle 3.11.x < 3.11.1 Multiple Vulnerabilities
2023-02-20 00:00:00
Moodle 3.9.x < 3.9.8 Multiple Vulnerabilities
2023-02-20 00:00:00
Moodle 3.10.x < 3.10.5 Multiple Vulnerabilities
2023-02-20 00:00:00
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.1 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
27.2%
Related for NVD:CVE-2021-36403