Unrated severityOSV Advisory· Published Jan 21, 2026· Updated Mar 5, 2026
Moodle 3.10.3 - 'label' Persistent Cross Site Scripting
CVE-2021-47857
Description
Moodle 3.10.3 contains a persistent cross-site scripting vulnerability in the calendar event subtitle field that allows attackers to inject malicious scripts. Attackers can craft a calendar event with malicious JavaScript in the subtitle track label to execute arbitrary code when users view the event.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3Patches
Vulnerability mechanics
References
3- www.exploit-db.com/exploits/49714mitreexploit
- www.vulncheck.com/advisories/moodle-label-persistent-cross-site-scriptingmitrethird-party-advisory
- moodle.orgmitreproduct
News mentions
0No linked articles in our index yet.