In certain Moodle products, after creating a course, it is possible to add a resource to an arbitrary "Topic", in this case a "Database" with the type "Text", where its values "Field name" and "Field description" are vulnerable to stored Cross-Site Scripting (XSS). This affects Moodle 3.11, Moodle 3.10.4 and Moodle 3.9.7.

https://blog.hackingforce.com.br/en/cve-2021-36568/
https://drive.google.com/drive/folders/1_fO4BKpmD3avGYHSzvIXWs5owqVYgB1s?usp=sharing
Created moodle tracking bugs for this issue:

Affects: fedora-all [bug 2126858]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.
(In reply to Product Security DevOps Team from comment #2)
> This CVE Bugzilla entry is for community support informational purposes only
> as it does not affect a package in a commercially supported Red Hat product.
> Refer to the dependent bugs for status of those individual community
> products.

How did you come to this conclusion? I don't think any fix exists, and Moodle is indeed packaged by Red Hat products.