CVE-2021-36402
https://notcve.org/view.php?id=CVE-2021-36402
In Moodle, Users' names required additional sanitizing in the account confirmation email, to prevent a self-registration phishing risk. • https://moodle.org/mod/forum/discuss.php?d=424808 • CWE-20: Improper Input Validation •
CVE-2021-36403
https://notcve.org/view.php?id=CVE-2021-36403
In Moodle, in some circumstances, email notifications of messages could have the link back to the original message hidden by HTML, which may pose a phishing risk. • https://moodle.org/mod/forum/discuss.php?d=424809 • CWE-912: Hidden Functionality •
CVE-2021-36400
https://notcve.org/view.php?id=CVE-2021-36400
In Moodle, insufficient capability checks made it possible to remove other users' calendar URL subscriptions. • https://moodle.org/mod/forum/discuss.php?d=424806 • CWE-276: Incorrect Default Permissions CWE-639: Authorization Bypass Through User-Controlled Key •
CVE-2021-36401
https://notcve.org/view.php?id=CVE-2021-36401
In Moodle, ID numbers exported in HTML data formats required additional sanitizing to prevent a local stored XSS risk. • https://moodle.org/mod/forum/discuss.php?d=424807 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-36395
https://notcve.org/view.php?id=CVE-2021-36395
In Moodle, the file repository's URL parsing required additional recursion handling to mitigate the risk of recursion denial of service. • https://moodle.org/mod/forum/discuss.php?d=424801 • CWE-400: Uncontrolled Resource Consumption CWE-674: Uncontrolled Recursion •