Vulnerability-Lookup

CVE-2021-27131 (GCVE-0-2021-27131)

Vulnerability from cvelistv5 – Published: 2023-05-16 00:00 – Updated: 2024-08-03 20:40 Disputed

Summary

Moodle 3.10.1 is vulnerable to persistent/stored cross-site scripting (XSS) due to the improper input sanitization on the "Additional HTML Section" via "Header and Footer" parameter in /admin/settings.php. This vulnerability is leading an attacker to steal admin and all user account cookies by storing the malicious XSS payload in Header and Footer. NOTE: this is disputed by the vendor because the "Additional HTML Section" for "Header and Footer" can only be supplied by an administrator, who is intentionally allowed to enter unsanitized input (e.g., site-specific JavaScript).

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

WID-SEC-W-2023-1224

Vulnerability from csaf_certbund - Published: 2023-05-16 22:00 - Updated: 2023-05-18 22:00

Summary

Moodle: Schwachstelle ermöglicht Cross-Site Scripting

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Moodle ist ein Software-Paket, um internetbasierte Kurse zu entwickeln und durchzuführen. Es ist ein globales Softwareentwicklungsprojekt, das einen konstruktivistischen Lehr- und Lernansatz unterstützt.

Angriff

Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Moodle ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen.

Betroffene Betriebssysteme

- Linux - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Moodle ist ein Software-Paket, um internetbasierte Kurse zu entwickeln und durchzuf\u00fchren. Es ist ein globales Softwareentwicklungsprojekt, das einen konstruktivistischen Lehr- und Lernansatz unterst\u00fctzt.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Moodle ausnutzen, um einen Cross-Site Scripting Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-1224 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1224.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-1224 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1224"
      },
      {
        "category": "external",
        "summary": "Red Hat Bug-Tracker 2207982 vom 2023-05-17",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2207982"
      },
      {
        "category": "external",
        "summary": "Github Security Advisory vom 2023-05-16",
        "url": "https://github.com/advisories/GHSA-w2pm-fr62-jgv4"
      }
    ],
    "source_lang": "en-US",
    "title": "Moodle: Schwachstelle erm\u00f6glicht Cross-Site Scripting",
    "tracking": {
      "current_release_date": "2023-05-18T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:50:55.993+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-1224",
      "initial_release_date": "2023-05-16T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-05-16T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-05-18T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Red Hat aufgenommen"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source Moodle 3.10.1",
            "product": {
              "name": "Open Source Moodle 3.10.1",
              "product_id": "T027749",
              "product_identification_helper": {
                "cpe": "cpe:/a:open_source:moodle:3.10.1"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-27131",
      "notes": [
        {
          "category": "description",
          "text": "In Moodle existiert eine Cross-Site Scripting Schwachstelle. HTML und Script-Eingaben werden Parameter in \"/admin/settings.php\" nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, anonymer Angreifer kann durch Ausnutzung dieser Schwachstelle beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T027749"
        ]
      },
      "release_date": "2023-05-16T22:00:00.000+00:00",
      "title": "CVE-2021-27131"
    }
  ]
}

GHSA-W2PM-FR62-JGV4

Vulnerability from github – Published: 2023-05-16 21:30 – Updated: 2023-05-25 19:07

Summary

Moodle vulnerable to stored Cross-site Scripting

Details

Severity ?

5.4 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "moodle/moodle"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "3.10.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-27131"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-05-17T17:05:54Z",
    "nvd_published_at": "2023-05-16T20:15:08Z",
    "severity": "MODERATE"
  },
  "details": "Moodle 3.10.1 is vulnerable to persistent/stored cross-site scripting (XSS) due to the improper input sanitization on the \"Additional HTML Section\" via \"Header and Footer\" parameter in `/admin/settings.php`. This vulnerability may lead an attacker to steal admin and all user account cookies by storing the malicious XSS payload in Header and Footer.",
  "id": "GHSA-w2pm-fr62-jgv4",
  "modified": "2023-05-25T19:07:51Z",
  "published": "2023-05-16T21:30:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27131"
    },
    {
      "type": "WEB",
      "url": "https://docs.moodle.org/402/en/Risks"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/moodle/moodle"
    },
    {
      "type": "WEB",
      "url": "https://github.com/p4nk4jv/CVEs-Assigned/blob/master/Moodle-3.10.1-CVE-2021-27131.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Moodle vulnerable to stored Cross-site Scripting"
}

CNVD-2023-43862

Vulnerability from cnvd - Published: 2023-06-02

Title

Moodle跨站脚本漏洞（CNVD-2023-43862）

Description

Moodle是一套免费、开源的电子学习软件平台，也称课程管理系统、学习管理系统或虚拟学习环境。 Moodle 3.10.1版本存在跨站脚本漏洞，该漏洞源于输入清理不当，容易受到持久性和存储型跨站脚本(XSS)攻击，攻击者可利用该漏洞窃取管理员和所有用户帐户的cookie。

Severity

中

Patch Name

Moodle跨站脚本漏洞（CNVD-2023-43862）的补丁

Patch Description

Moodle是一套免费、开源的电子学习软件平台，也称课程管理系统、学习管理系统或虚拟学习环境。 Moodle 3.10.1版本存在跨站脚本漏洞，该漏洞源于输入清理不当，容易受到持久性和存储型跨站脚本(XSS)攻击，攻击者可利用该漏洞窃取管理员和所有用户帐户的cookie。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://github.com/moodle/moodle/releases/tag/v4.2.0

Reference

https://nvd.nist.gov/vuln/detail/CVE-2021-27131

Impacted products

Name
moodle Moodle 3.10.1

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-27131",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-27131"
    }
  },
  "description": "Moodle\u662f\u4e00\u5957\u514d\u8d39\u3001\u5f00\u6e90\u7684\u7535\u5b50\u5b66\u4e60\u8f6f\u4ef6\u5e73\u53f0\uff0c\u4e5f\u79f0\u8bfe\u7a0b\u7ba1\u7406\u7cfb\u7edf\u3001\u5b66\u4e60\u7ba1\u7406\u7cfb\u7edf\u6216\u865a\u62df\u5b66\u4e60\u73af\u5883\u3002\n\nMoodle 3.10.1\u7248\u672c\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u8f93\u5165\u6e05\u7406\u4e0d\u5f53\uff0c\u5bb9\u6613\u53d7\u5230\u6301\u4e45\u6027\u548c\u5b58\u50a8\u578b\u8de8\u7ad9\u811a\u672c(XSS)\u653b\u51fb\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7a83\u53d6\u7ba1\u7406\u5458\u548c\u6240\u6709\u7528\u6237\u5e10\u6237\u7684cookie\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a \r\nhttps://github.com/moodle/moodle/releases/tag/v4.2.0",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2023-43862",
  "openTime": "2023-06-02",
  "patchDescription": "Moodle\u662f\u4e00\u5957\u514d\u8d39\u3001\u5f00\u6e90\u7684\u7535\u5b50\u5b66\u4e60\u8f6f\u4ef6\u5e73\u53f0\uff0c\u4e5f\u79f0\u8bfe\u7a0b\u7ba1\u7406\u7cfb\u7edf\u3001\u5b66\u4e60\u7ba1\u7406\u7cfb\u7edf\u6216\u865a\u62df\u5b66\u4e60\u73af\u5883\u3002\r\n\r\nMoodle 3.10.1\u7248\u672c\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u8f93\u5165\u6e05\u7406\u4e0d\u5f53\uff0c\u5bb9\u6613\u53d7\u5230\u6301\u4e45\u6027\u548c\u5b58\u50a8\u578b\u8de8\u7ad9\u811a\u672c(XSS)\u653b\u51fb\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7a83\u53d6\u7ba1\u7406\u5458\u548c\u6240\u6709\u7528\u6237\u5e10\u6237\u7684cookie\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Moodle\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2023-43862\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "moodle Moodle 3.10.1"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-27131",
  "serverity": "\u4e2d",
  "submitTime": "2023-05-30",
  "title": "Moodle\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2023-43862\uff09"
}

bit-moodle-2021-27131

Vulnerability from bitnami_vulndb

Published

2024-03-06 11:10

Modified

2025-04-03 14:40

Summary

Details

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Bitnami",
        "name": "moodle",
        "purl": "pkg:bitnami/moodle"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.10.1"
            },
            {
              "fixed": "3.10.2"
            }
          ],
          "type": "SEMVER"
        }
      ],
      "severity": [
        {
          "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "type": "CVSS_V3"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-27131"
  ],
  "database_specific": {
    "cpes": [
      "cpe:2.3:a:moodle:moodle:3.10.1:*:*:*:*:*:*:*",
      "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*"
    ],
    "severity": "Medium"
  },
  "details": "Moodle 3.10.1 is vulnerable to persistent/stored cross-site scripting (XSS) due to the improper input sanitization on the \"Additional HTML Section\" via \"Header and Footer\" parameter in /admin/settings.php. This vulnerability is leading an attacker to steal admin and all user account cookies by storing the malicious XSS payload in Header and Footer. NOTE: this is disputed by the vendor because the \"Additional HTML Section\" for \"Header and Footer\" can only be supplied by an administrator, who is intentionally allowed to enter unsanitized input (e.g., site-specific JavaScript).",
  "id": "BIT-moodle-2021-27131",
  "modified": "2025-04-03T14:40:37.652Z",
  "published": "2024-03-06T11:10:34.074Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://docs.moodle.org/402/en/Risks"
    },
    {
      "type": "WEB",
      "url": "https://github.com/moodle/moodle"
    },
    {
      "type": "WEB",
      "url": "https://github.com/p4nk4jv/CVEs-Assigned/blob/master/Moodle-3.10.1-CVE-2021-27131.md"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27131"
    }
  ],
  "schema_version": "1.5.0"
}

FKIE_CVE-2021-27131

Vulnerability from fkie_nvd - Published: 2023-05-16 20:15 - Updated: 2024-11-21 05:57

Severity ?

5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Summary

References

URL	Tags
cve@mitre.org	https://docs.moodle.org/402/en/Risks
cve@mitre.org	https://github.com/moodle/moodle	Product
cve@mitre.org	https://github.com/p4nk4jv/CVEs-Assigned/blob/master/Moodle-3.10.1-CVE-2021-27131.md	Exploit
af854a3a-2127-422b-91ae-364da2661108	https://docs.moodle.org/402/en/Risks
af854a3a-2127-422b-91ae-364da2661108	https://github.com/moodle/moodle	Product
af854a3a-2127-422b-91ae-364da2661108	https://github.com/p4nk4jv/CVEs-Assigned/blob/master/Moodle-3.10.1-CVE-2021-27131.md	Exploit

Impacted products

	Vendor	Product	Version
	moodle	moodle	3.10.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:moodle:moodle:3.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DE1A209-128A-4D30-845C-298A3EEB93FF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [
    {
      "sourceIdentifier": "cve@mitre.org",
      "tags": [
        "disputed"
      ]
    }
  ],
  "descriptions": [
    {
      "lang": "en",
      "value": "Moodle 3.10.1 is vulnerable to persistent/stored cross-site scripting (XSS) due to the improper input sanitization on the \"Additional HTML Section\" via \"Header and Footer\" parameter in /admin/settings.php. This vulnerability is leading an attacker to steal admin and all user account cookies by storing the malicious XSS payload in Header and Footer. NOTE: this is disputed by the vendor because the \"Additional HTML Section\" for \"Header and Footer\" can only be supplied by an administrator, who is intentionally allowed to enter unsanitized input (e.g., site-specific JavaScript)."
    }
  ],
  "id": "CVE-2021-27131",
  "lastModified": "2024-11-21T05:57:22.917",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-05-16T20:15:08.987",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "https://docs.moodle.org/402/en/Risks"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Product"
      ],
      "url": "https://github.com/moodle/moodle"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "https://github.com/p4nk4jv/CVEs-Assigned/blob/master/Moodle-3.10.1-CVE-2021-27131.md"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.moodle.org/402/en/Risks"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product"
      ],
      "url": "https://github.com/moodle/moodle"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://github.com/p4nk4jv/CVEs-Assigned/blob/master/Moodle-3.10.1-CVE-2021-27131.md"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2021-27131

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

** DISPUTED ** Moodle 3.10.1 is vulnerable to persistent/stored cross-site scripting (XSS) due to the improper input sanitization on the "Additional HTML Section" via "Header and Footer" parameter in /admin/settings.php. This vulnerability is leading an attacker to steal admin and all user account cookies by storing the malicious XSS payload in Header and Footer. NOTE: this is disputed by the vendor because the "Additional HTML Section" for "Header and Footer" can only be supplied by an administrator, who is intentionally allowed to enter unsanitized input (e.g., site-specific JavaScript).

Aliases

CVE-2021-27131

Aliases

CVE-2021-27131

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-27131",
    "id": "GSD-2021-27131"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-27131"
      ],
      "details": "** DISPUTED ** Moodle 3.10.1 is vulnerable to persistent/stored cross-site scripting (XSS) due to the improper input sanitization on the \"Additional HTML Section\" via \"Header and Footer\" parameter in /admin/settings.php. This vulnerability is leading an attacker to steal admin and all user account cookies by storing the malicious XSS payload in Header and Footer. NOTE: this is disputed by the vendor because the \"Additional HTML Section\" for \"Header and Footer\" can only be supplied by an administrator, who is intentionally allowed to enter unsanitized input (e.g., site-specific JavaScript).",
      "id": "GSD-2021-27131",
      "modified": "2023-12-13T01:23:36.020675Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2021-27131",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "** DISPUTED ** Moodle 3.10.1 is vulnerable to persistent/stored cross-site scripting (XSS) due to the improper input sanitization on the \"Additional HTML Section\" via \"Header and Footer\" parameter in /admin/settings.php. This vulnerability is leading an attacker to steal admin and all user account cookies by storing the malicious XSS payload in Header and Footer. NOTE: this is disputed by the vendor because the \"Additional HTML Section\" for \"Header and Footer\" can only be supplied by an administrator, who is intentionally allowed to enter unsanitized input (e.g., site-specific JavaScript)."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/moodle/moodle",
            "refsource": "MISC",
            "url": "https://github.com/moodle/moodle"
          },
          {
            "name": "https://github.com/p4nk4jv/CVEs-Assigned/blob/master/Moodle-3.10.1-CVE-2021-27131.md",
            "refsource": "MISC",
            "url": "https://github.com/p4nk4jv/CVEs-Assigned/blob/master/Moodle-3.10.1-CVE-2021-27131.md"
          },
          {
            "name": "https://docs.moodle.org/402/en/Risks",
            "refsource": "MISC",
            "url": "https://docs.moodle.org/402/en/Risks"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "=3.10.1",
          "affected_versions": "Version 3.10.1",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-79",
            "CWE-937"
          ],
          "date": "2023-05-25",
          "description": "Moodle 3.10.1 is vulnerable to persistent/stored cross-site scripting (XSS) due to the improper input sanitization on the \"Additional HTML Section\" via \"Header and Footer\" parameter in /admin/settings.php. This vulnerability is leading an attacker to steal admin and all user account cookies by storing the malicious XSS payload in Header and Footer.",
          "fixed_versions": [
            "3.10.2"
          ],
          "identifier": "CVE-2021-27131",
          "identifiers": [
            "CVE-2021-27131",
            "GHSA-w2pm-fr62-jgv4"
          ],
          "not_impacted": "All versions before 3.10.1, all versions after 3.10.1",
          "package_slug": "packagist/moodle/moodle",
          "pubdate": "2023-05-16",
          "solution": "Upgrade to version 3.10.2 or above.",
          "title": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2021-27131",
            "https://github.com/moodle/moodle",
            "https://github.com/p4nk4jv/CVEs-Assigned/blob/master/Moodle-3.10.1-CVE-2021-27131.md",
            "https://github.com/advisories/GHSA-w2pm-fr62-jgv4"
          ],
          "uuid": "75b6c789-67ff-4fba-bcd0-60e8eec717c6"
        }
      ]
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:moodle:moodle:3.10.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "8DE1A209-128A-4D30-845C-298A3EEB93FF",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "Moodle 3.10.1 is vulnerable to persistent/stored cross-site scripting (XSS) due to the improper input sanitization on the \"Additional HTML Section\" via \"Header and Footer\" parameter in /admin/settings.php. This vulnerability is leading an attacker to steal admin and all user account cookies by storing the malicious XSS payload in Header and Footer. NOTE: this is disputed by the vendor because the \"Additional HTML Section\" for \"Header and Footer\" can only be supplied by an administrator, who is intentionally allowed to enter unsanitized input (e.g., site-specific JavaScript)."
          }
        ],
        "id": "CVE-2021-27131",
        "lastModified": "2024-04-11T01:10:53.360",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 2.3,
              "impactScore": 2.7,
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        },
        "published": "2023-05-16T20:15:08.987",
        "references": [
          {
            "source": "cve@mitre.org",
            "url": "https://docs.moodle.org/402/en/Risks"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Product"
            ],
            "url": "https://github.com/moodle/moodle"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Exploit"
            ],
            "url": "https://github.com/p4nk4jv/CVEs-Assigned/blob/master/Moodle-3.10.1-CVE-2021-27131.md"
          }
        ],
        "sourceIdentifier": "cve@mitre.org",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-79"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-27131 (GCVE-0-2021-27131)

WID-SEC-W-2023-1224

GHSA-W2PM-FR62-JGV4

CNVD-2023-43862

bit-moodle-2021-27131

Vulnerability from bitnami_vulndb

FKIE_CVE-2021-27131

GSD-2021-27131

Tags

Sightings

Nomenclature