Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/45219?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45219?format=api", "vulnerability_id": "VCID-bu6d-ns3s-fuck", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nMoodle 3.10.1 is vulnerable to persistent/stored cross-site scripting (XSS) due to the improper input sanitization on the \"Additional HTML Section\" via \"Header and Footer\" parameter in /admin/settings.php. This vulnerability is leading an attacker to steal admin and all user account cookies by storing the malicious XSS payload in Header and Footer.", "aliases": [ { "alias": "CVE-2021-27131" }, { "alias": "GHSA-w2pm-fr62-jgv4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65140?format=api", "purl": "pkg:composer/moodle/moodle@3.10.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-164m-humk-1fe3" }, { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-1kfj-2zwf-vbfp" }, { "vulnerability": "VCID-1wup-hjxg-f7g4" }, { "vulnerability": "VCID-21mq-pewz-ekdt" }, { "vulnerability": "VCID-233t-s5y8-4yg5" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-2cdg-m3pq-ufe5" }, { "vulnerability": "VCID-2gtq-u4jg-4uck" }, { "vulnerability": "VCID-2jta-hqah-d7cf" }, { "vulnerability": "VCID-2urf-d2qr-abdy" }, { "vulnerability": "VCID-2wsu-7rzh-h7cs" }, { "vulnerability": "VCID-3mgk-4c3z-sudt" }, { "vulnerability": "VCID-3nu2-1cwj-sfdd" }, { "vulnerability": "VCID-3nvq-s7y5-fufr" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4spj-h1cc-rbfg" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-57wg-wxss-jbaw" }, { "vulnerability": "VCID-5ba5-pee7-6kh1" }, { "vulnerability": "VCID-5s33-v19s-sqd6" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-6726-ca8y-4uez" }, { "vulnerability": "VCID-6cvg-r9am-wbh5" }, { "vulnerability": "VCID-6p1s-2r14-z7ax" }, { "vulnerability": "VCID-6rc8-bs9z-5bb2" }, { "vulnerability": "VCID-7p54-yn8k-aydw" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-893t-9cja-43g2" }, { "vulnerability": "VCID-8bzr-1mub-3ffq" }, { "vulnerability": "VCID-8uah-srba-6ubb" }, { "vulnerability": "VCID-95f1-6g3r-rkg4" }, { "vulnerability": "VCID-9rqr-xzr8-5fgf" }, { "vulnerability": "VCID-9xk9-qb9x-jfcs" }, { "vulnerability": "VCID-a1ek-x154-5ydy" }, { "vulnerability": "VCID-ajrr-8392-kkcw" }, { "vulnerability": "VCID-b3vw-8hzh-dybx" }, { "vulnerability": "VCID-bhfv-dn14-ukfs" }, { "vulnerability": "VCID-bju3-sj3y-83e3" }, { "vulnerability": "VCID-cp4k-uz4a-ukh6" }, { "vulnerability": "VCID-cs5n-4bst-zfcj" }, { "vulnerability": "VCID-d92c-j4yy-fud3" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-dp61-6ban-cyda" }, { "vulnerability": "VCID-efq2-s2df-pqa1" }, { "vulnerability": "VCID-evef-t6cx-vqcc" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-g3km-hbas-x3cg" }, { "vulnerability": "VCID-g9f7-787g-vyem" }, { "vulnerability": "VCID-gwnb-e3gt-kqcb" }, { "vulnerability": "VCID-gycn-bey2-4yam" }, { "vulnerability": "VCID-gzdw-424p-mqfa" }, { "vulnerability": "VCID-heb8-damy-47e5" }, { "vulnerability": "VCID-hk13-uc46-87h1" }, { "vulnerability": "VCID-hkef-37rz-4baf" }, { "vulnerability": "VCID-hmuw-bjax-37bz" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-hwnq-6kng-kkcx" }, { "vulnerability": "VCID-j1s3-fyue-2kfy" }, { "vulnerability": "VCID-j21p-heue-nqd9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-jkyc-esnt-p3ay" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-m3jj-r66a-d7cv" }, { "vulnerability": "VCID-m9tk-fa8m-zbah" }, { "vulnerability": "VCID-mhh7-n7ut-hkh6" }, { "vulnerability": "VCID-mnx8-118d-efcr" }, { "vulnerability": "VCID-ms4e-v5zc-9kgc" }, { "vulnerability": "VCID-n7d3-j3jn-rqfc" }, { "vulnerability": "VCID-nxy4-wr2t-e7fw" }, { "vulnerability": "VCID-p3ge-1cqt-tufw" }, { "vulnerability": "VCID-pd2f-4kxt-bkgp" }, { "vulnerability": "VCID-pged-191y-quhm" }, { "vulnerability": "VCID-qabh-bpmn-1ye5" }, { "vulnerability": "VCID-qfvz-hf8h-8bb3" }, { "vulnerability": "VCID-qruy-fs4p-43h1" }, { "vulnerability": "VCID-qw4y-q2gg-akea" }, { "vulnerability": "VCID-r1ug-e8x6-83gt" }, { "vulnerability": "VCID-r4m3-9prr-dkby" }, { "vulnerability": "VCID-r5w9-cbyk-hqc6" }, { "vulnerability": "VCID-rm2q-xde7-a3ej" }, { "vulnerability": "VCID-ry6t-xcsq-4bf2" }, { "vulnerability": "VCID-rzbf-yc44-6bdb" }, { "vulnerability": "VCID-sca8-zx4m-sub6" }, { "vulnerability": "VCID-sdxf-f1b3-t3cc" }, { "vulnerability": "VCID-sgdq-5ha7-nfh2" }, { "vulnerability": "VCID-t8vm-tfnq-5kak" }, { "vulnerability": "VCID-taab-hupu-huf9" }, { "vulnerability": "VCID-tb5z-bfmc-zkgh" }, { "vulnerability": "VCID-team-9wba-yufc" }, { "vulnerability": "VCID-tgs8-3n7x-cyc1" }, { "vulnerability": "VCID-u32t-89zc-v3gj" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-uhc9-p93a-gbau" }, { "vulnerability": "VCID-umd1-pmr4-4bgs" }, { "vulnerability": "VCID-vsrk-zp7j-w7bk" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-wwny-t2ez-y3e1" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-xh4x-t7he-pufq" }, { "vulnerability": "VCID-y4g2-328f-qbge" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-yc6t-am1p-x3ev" }, { "vulnerability": "VCID-yenj-fv96-pbd7" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-ytd5-2swj-wkh1" }, { "vulnerability": "VCID-z29a-xpcq-p7ct" }, { "vulnerability": "VCID-z5u9-5522-h7fx" }, { "vulnerability": "VCID-zf4q-a4cz-y7dh" }, { "vulnerability": "VCID-zjqu-hbpf-9qe1" }, { "vulnerability": "VCID-zrjj-atms-8uf9" }, { "vulnerability": "VCID-ztjp-76rp-hfhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.10.2" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65139?format=api", "purl": "pkg:composer/moodle/moodle@3.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-164m-humk-1fe3" }, { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-1kfj-2zwf-vbfp" }, { "vulnerability": "VCID-1wup-hjxg-f7g4" }, { "vulnerability": "VCID-21mq-pewz-ekdt" }, { "vulnerability": "VCID-233t-s5y8-4yg5" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-2cdg-m3pq-ufe5" }, { "vulnerability": "VCID-2gtq-u4jg-4uck" }, { "vulnerability": "VCID-2jta-hqah-d7cf" }, { "vulnerability": "VCID-2urf-d2qr-abdy" }, { "vulnerability": "VCID-2wsu-7rzh-h7cs" }, { "vulnerability": "VCID-3mgk-4c3z-sudt" }, { "vulnerability": "VCID-3nu2-1cwj-sfdd" }, { "vulnerability": "VCID-3nvq-s7y5-fufr" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4spj-h1cc-rbfg" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-57wg-wxss-jbaw" }, { "vulnerability": "VCID-5ba5-pee7-6kh1" }, { "vulnerability": "VCID-5s33-v19s-sqd6" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-6726-ca8y-4uez" }, { "vulnerability": "VCID-6cvg-r9am-wbh5" }, { "vulnerability": "VCID-6p1s-2r14-z7ax" }, { "vulnerability": "VCID-6rc8-bs9z-5bb2" }, { "vulnerability": "VCID-7p54-yn8k-aydw" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-893t-9cja-43g2" }, { "vulnerability": "VCID-8bzr-1mub-3ffq" }, { "vulnerability": "VCID-8uah-srba-6ubb" }, { "vulnerability": "VCID-95f1-6g3r-rkg4" }, { "vulnerability": "VCID-9rqr-xzr8-5fgf" }, { "vulnerability": "VCID-9xk9-qb9x-jfcs" }, { "vulnerability": "VCID-a1ek-x154-5ydy" }, { "vulnerability": "VCID-ajrr-8392-kkcw" }, { "vulnerability": "VCID-b3vw-8hzh-dybx" }, { "vulnerability": "VCID-bbj9-hpz3-xqhh" }, { "vulnerability": "VCID-bhfv-dn14-ukfs" }, { "vulnerability": "VCID-bju3-sj3y-83e3" }, { "vulnerability": "VCID-bu6d-ns3s-fuck" }, { "vulnerability": "VCID-cp4k-uz4a-ukh6" }, { "vulnerability": "VCID-cs5n-4bst-zfcj" }, { "vulnerability": "VCID-d92c-j4yy-fud3" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-dp61-6ban-cyda" }, { "vulnerability": "VCID-dpd2-1sqc-qqfy" }, { "vulnerability": "VCID-efq2-s2df-pqa1" }, { "vulnerability": "VCID-evef-t6cx-vqcc" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-g3km-hbas-x3cg" }, { "vulnerability": "VCID-g9f7-787g-vyem" }, { "vulnerability": "VCID-gnez-ehgq-rfbr" }, { "vulnerability": "VCID-gwnb-e3gt-kqcb" }, { "vulnerability": "VCID-gycn-bey2-4yam" }, { "vulnerability": "VCID-gzdw-424p-mqfa" }, { "vulnerability": "VCID-heb8-damy-47e5" }, { "vulnerability": "VCID-hk13-uc46-87h1" }, { "vulnerability": "VCID-hkef-37rz-4baf" }, { "vulnerability": "VCID-hmuw-bjax-37bz" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-hwnq-6kng-kkcx" }, { "vulnerability": "VCID-j1s3-fyue-2kfy" }, { "vulnerability": "VCID-j21p-heue-nqd9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-jkyc-esnt-p3ay" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-m3jj-r66a-d7cv" }, { "vulnerability": "VCID-m9tk-fa8m-zbah" }, { "vulnerability": "VCID-mhh7-n7ut-hkh6" }, { "vulnerability": "VCID-mnx8-118d-efcr" }, { "vulnerability": "VCID-mqde-66zm-qbbj" }, { "vulnerability": "VCID-ms4e-v5zc-9kgc" }, { "vulnerability": "VCID-n7d3-j3jn-rqfc" }, { "vulnerability": "VCID-nxy4-wr2t-e7fw" }, { "vulnerability": "VCID-p3ge-1cqt-tufw" }, { "vulnerability": "VCID-pd2f-4kxt-bkgp" }, { "vulnerability": "VCID-pged-191y-quhm" }, { "vulnerability": "VCID-pgfa-bkaw-q7cq" }, { "vulnerability": "VCID-qabh-bpmn-1ye5" }, { "vulnerability": "VCID-qfvz-hf8h-8bb3" }, { "vulnerability": "VCID-qruy-fs4p-43h1" }, { "vulnerability": "VCID-qw4y-q2gg-akea" }, { "vulnerability": "VCID-r1ug-e8x6-83gt" }, { "vulnerability": "VCID-r4m3-9prr-dkby" }, { "vulnerability": "VCID-r5w9-cbyk-hqc6" }, { "vulnerability": "VCID-rm2q-xde7-a3ej" }, { "vulnerability": "VCID-ry6t-xcsq-4bf2" }, { "vulnerability": "VCID-rzbf-yc44-6bdb" }, { "vulnerability": "VCID-sca8-zx4m-sub6" }, { "vulnerability": "VCID-sdxf-f1b3-t3cc" }, { "vulnerability": "VCID-sgdq-5ha7-nfh2" }, { "vulnerability": "VCID-t8vm-tfnq-5kak" }, { "vulnerability": "VCID-taab-hupu-huf9" }, { "vulnerability": "VCID-tb5z-bfmc-zkgh" }, { "vulnerability": "VCID-team-9wba-yufc" }, { "vulnerability": "VCID-tgs8-3n7x-cyc1" }, { "vulnerability": "VCID-u32t-89zc-v3gj" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-uhc9-p93a-gbau" }, { "vulnerability": "VCID-umd1-pmr4-4bgs" }, { "vulnerability": "VCID-vsrk-zp7j-w7bk" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-wwny-t2ez-y3e1" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-xh4x-t7he-pufq" }, { "vulnerability": "VCID-y4g2-328f-qbge" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-yc6t-am1p-x3ev" }, { "vulnerability": "VCID-yenj-fv96-pbd7" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-ytd5-2swj-wkh1" }, { "vulnerability": "VCID-z29a-xpcq-p7ct" }, { "vulnerability": "VCID-z5u9-5522-h7fx" }, { "vulnerability": "VCID-zf4q-a4cz-y7dh" }, { "vulnerability": "VCID-zjqu-hbpf-9qe1" }, { "vulnerability": "VCID-zrjj-atms-8uf9" }, { "vulnerability": "VCID-ztjp-76rp-hfhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.10.1" } ], "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-27131", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00289", "scoring_system": "epss", "scoring_elements": "0.52635", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00416", "scoring_system": "epss", "scoring_elements": "0.62024", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00416", "scoring_system": "epss", "scoring_elements": "0.6208", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00416", "scoring_system": "epss", "scoring_elements": "0.62073", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-27131" }, { "reference_url": "https://docs.moodle.org/402/en/Risks", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.moodle.org/402/en/Risks" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/p4nk4jv/CVEs-Assigned/blob/master/Moodle-3.10.1-CVE-2021-27131.md", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/p4nk4jv/CVEs-Assigned/blob/master/Moodle-3.10.1-CVE-2021-27131.md" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27131", "reference_id": "CVE-2021-27131", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27131" }, { "reference_url": "https://github.com/advisories/GHSA-w2pm-fr62-jgv4", "reference_id": "GHSA-w2pm-fr62-jgv4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w2pm-fr62-jgv4" } ], "weaknesses": [ { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." }, { "cwe_id": 79, "name": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "description": "The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." } ], "exploits": [], "severity_range_score": "4.0 - 6.9", "exploitability": "0.5", "weighted_severity": "6.2", "risk_score": 3.1, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bu6d-ns3s-fuck" }