CVE-2021-47857
EUVD-2026-361621.01.2026, 18:16
Moodle 3.10.3 contains a persistent cross-site scripting vulnerability in the calendar event subtitle field that allows attackers to inject malicious scripts. Attackers can craft a calendar event with malicious JavaScript in the subtitle track label to execute arbitrary code when users view the event.
Awaiting analysis
This vulnerability is currently awaiting analysis.