CVE-2021-27131: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Moodle 3.10.1 is vulnerable to persistent (stored) cross-site scripting (XSS) because input to the "Additional HTML" section (the "Header and Footer" settings in /admin/settings.php) is not sanitized. An attacker who can edit these site administration settings can store a malicious payload in the header or footer; it is then rendered to every visitor, letting the attacker steal the session cookies of administrators and all other users.