CVE-2021-27131

CVSS V2 None CVSS V3 None
Description
Moodle 3.10.1 is vulnerable to persistent/stored cross-site scripting (XSS) due to the improper input sanitization on the "Additional HTML Section" via "Header and Footer" parameter in /admin/settings.php. This vulnerability is leading an attacker to steal admin and all user account cookies by storing the malicious XSS payload in Header and Footer.
Overview
  • CVE ID
  • CVE-2021-27131
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Received
  • Published Version
  • 2023-05-16T20:15:08
  • Last Modified Date
  • 2023-05-16T20:15:08
History
Created Old Value New Value Data Type Notes
2023-05-16 21:02:01 Added to TrackCVE