CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-36399
https://notcve.org/view.php?id=CVE-2021-36399
In Moodle, ID numbers displayed in the quiz override screens required additional sanitizing to prevent a stored XSS risk. • https://moodle.org/mod/forum/discuss.php?d=424805 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-36395
https://notcve.org/view.php?id=CVE-2021-36395
In Moodle, the file repository's URL parsing required additional recursion handling to mitigate the risk of recursion denial of service. • https://moodle.org/mod/forum/discuss.php?d=424801 • CWE-400: Uncontrolled Resource Consumption CWE-674: Uncontrolled Recursion •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-36392
https://notcve.org/view.php?id=CVE-2021-36392
In Moodle, an SQL injection risk was identified in the library fetching a user's enrolled courses. • https://moodle.org/mod/forum/discuss.php?d=424797 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 2CVE-2021-36394
https://notcve.org/view.php?id=CVE-2021-36394
In Moodle, a remote code execution risk was identified in the Shibboleth authentication plugin. • https://github.com/dinhbaouit/CVE-2021-36394 https://github.com/lavclash75/CVE-2021-36394-Pre-Auth-RCE-in-Moodle https://moodle.org/mod/forum/discuss.php?d=424799 • CWE-384: Session Fixation •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-36398
https://notcve.org/view.php?id=CVE-2021-36398
In moodle, ID numbers displayed in the web service token list required additional sanitizing to prevent a stored XSS risk. • https://moodle.org/mod/forum/discuss.php?d=424804 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •