Search for vulnerabilities
Vulnerability details: VCID-fm1z-x877-q7ce
Vulnerability ID VCID-fm1z-x877-q7ce
Aliases CVE-2021-36402
GHSA-gv8f-43pg-c5qw
Summary Moodle Improper Input Validation vulnerability In affected versions of Moodle, users' names require additional sanitizing in the account confirmation email, to prevent a self-registration phishing risk. This issue has been patched in versions 3.9.8, 3.10.5 and 3.11.1.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-20 Improper Input Validation
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00241 https://api.first.org/data/v1/epss?cve=CVE-2021-36402
epss 0.00241 https://api.first.org/data/v1/epss?cve=CVE-2021-36402
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-gv8f-43pg-c5qw
cvssv3.1 5.3 https://github.com/moodle/moodle
generic_textual MODERATE https://github.com/moodle/moodle
cvssv3.1 5.3 https://moodle.org/mod/forum/discuss.php?d=424808
generic_textual MODERATE https://moodle.org/mod/forum/discuss.php?d=424808
ssvc Track https://moodle.org/mod/forum/discuss.php?d=424808
cvssv3.1 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-36402
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2021-36402
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2021-36402
https://github.com/moodle/moodle
https://moodle.org/mod/forum/discuss.php?d=424808
https://nvd.nist.gov/vuln/detail/CVE-2021-36402
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
GHSA-gv8f-43pg-c5qw https://github.com/advisories/GHSA-gv8f-43pg-c5qw
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://github.com/moodle/moodle
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://moodle.org/mod/forum/discuss.php?d=424808
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-07T17:59:21Z/ Found at https://moodle.org/mod/forum/discuss.php?d=424808
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2021-36402
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.47328
EPSS Score 0.00241
Published At June 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-01T12:15:05.338694+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/03/GHSA-gv8f-43pg-c5qw/GHSA-gv8f-43pg-c5qw.json 36.1.3