Moderate severityNVD Advisory· Published Nov 22, 2021· Updated Aug 4, 2024

CVE-2021-43558

Description

A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A URL parameter in the filetype site administrator tool required extra sanitizing to prevent a reflected XSS risk.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
moodle/moodlePackagist	>= 3.11.0, < 3.11.4	3.11.4
moodle/moodlePackagist	>= 3.10.0, < 3.10.8	3.10.8
moodle/moodlePackagist	>= 3.9.0, < 3.9.11	3.9.11

Affected products

Moodle/Moodledescription
osv-coords2 versions
pkg:bitnami/moodle pkg:composer/moodle/moodle
< 3.8.9+ 1 more
- (no CPE)range: < 3.8.9
- (no CPE)range: >= 3.11.0, < 3.11.4

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-wpfp-q843-v772ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2021-43558ghsaADVISORY
bugzilla.redhat.com/show_bug.cgighsax_refsource_MISCWEB
moodle.org/mod/forum/discuss.phpghsax_refsource_MISCWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000