Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-bu6d-ns3s-fuck
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Moodle 3.10.1 is vulnerable to persistent/stored cross-site scripting (XSS) due to the improper input sanitization on the "Additional HTML Section" via "Header and Footer" parameter in /admin/settings.php. This vulnerability is leading an attacker to steal admin and all user account cookies by storing the malicious XSS payload in Header and Footer.
Aliases
0
alias CVE-2021-27131
1
alias GHSA-w2pm-fr62-jgv4
Fixed_packages
0
url pkg:composer/moodle/moodle@3.10.2
purl pkg:composer/moodle/moodle@3.10.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-164m-humk-1fe3
1
vulnerability VCID-17k8-g4xw-b7g9
2
vulnerability VCID-1efm-18zh-w7gm
3
vulnerability VCID-1kfj-2zwf-vbfp
4
vulnerability VCID-1wup-hjxg-f7g4
5
vulnerability VCID-21mq-pewz-ekdt
6
vulnerability VCID-233t-s5y8-4yg5
7
vulnerability VCID-29mv-feyq-guew
8
vulnerability VCID-2cdg-m3pq-ufe5
9
vulnerability VCID-2gtq-u4jg-4uck
10
vulnerability VCID-2jta-hqah-d7cf
11
vulnerability VCID-2urf-d2qr-abdy
12
vulnerability VCID-2wsu-7rzh-h7cs
13
vulnerability VCID-3mgk-4c3z-sudt
14
vulnerability VCID-3nu2-1cwj-sfdd
15
vulnerability VCID-3nvq-s7y5-fufr
16
vulnerability VCID-3yre-ft3n-2fd3
17
vulnerability VCID-44zf-1dw7-qkf5
18
vulnerability VCID-4spj-h1cc-rbfg
19
vulnerability VCID-4zvp-nmrk-4qbq
20
vulnerability VCID-57wg-wxss-jbaw
21
vulnerability VCID-5ba5-pee7-6kh1
22
vulnerability VCID-5s33-v19s-sqd6
23
vulnerability VCID-5snb-dyv3-efe9
24
vulnerability VCID-5xhb-mx3v-fuhs
25
vulnerability VCID-61ry-zz34-8qhj
26
vulnerability VCID-657g-68tv-dkam
27
vulnerability VCID-6726-ca8y-4uez
28
vulnerability VCID-6cvg-r9am-wbh5
29
vulnerability VCID-6p1s-2r14-z7ax
30
vulnerability VCID-6rc8-bs9z-5bb2
31
vulnerability VCID-7p54-yn8k-aydw
32
vulnerability VCID-7trf-g8dq-tua1
33
vulnerability VCID-893t-9cja-43g2
34
vulnerability VCID-8bzr-1mub-3ffq
35
vulnerability VCID-8uah-srba-6ubb
36
vulnerability VCID-95f1-6g3r-rkg4
37
vulnerability VCID-9rqr-xzr8-5fgf
38
vulnerability VCID-9xk9-qb9x-jfcs
39
vulnerability VCID-a1ek-x154-5ydy
40
vulnerability VCID-ajrr-8392-kkcw
41
vulnerability VCID-b3vw-8hzh-dybx
42
vulnerability VCID-bhfv-dn14-ukfs
43
vulnerability VCID-bju3-sj3y-83e3
44
vulnerability VCID-cp4k-uz4a-ukh6
45
vulnerability VCID-cs5n-4bst-zfcj
46
vulnerability VCID-d92c-j4yy-fud3
47
vulnerability VCID-dky9-v96e-pubh
48
vulnerability VCID-dp61-6ban-cyda
49
vulnerability VCID-efq2-s2df-pqa1
50
vulnerability VCID-evef-t6cx-vqcc
51
vulnerability VCID-f1da-1duc-2uhb
52
vulnerability VCID-ffp4-23na-rkgr
53
vulnerability VCID-g3km-hbas-x3cg
54
vulnerability VCID-g9f7-787g-vyem
55
vulnerability VCID-gwnb-e3gt-kqcb
56
vulnerability VCID-gycn-bey2-4yam
57
vulnerability VCID-gzdw-424p-mqfa
58
vulnerability VCID-heb8-damy-47e5
59
vulnerability VCID-hk13-uc46-87h1
60
vulnerability VCID-hkef-37rz-4baf
61
vulnerability VCID-hmuw-bjax-37bz
62
vulnerability VCID-hufb-p6pa-63c9
63
vulnerability VCID-hwnq-6kng-kkcx
64
vulnerability VCID-j1s3-fyue-2kfy
65
vulnerability VCID-j21p-heue-nqd9
66
vulnerability VCID-j3ts-5ghc-4qct
67
vulnerability VCID-jkyc-esnt-p3ay
68
vulnerability VCID-m2a7-q28u-1yfw
69
vulnerability VCID-m3jj-r66a-d7cv
70
vulnerability VCID-m9tk-fa8m-zbah
71
vulnerability VCID-mhh7-n7ut-hkh6
72
vulnerability VCID-mnx8-118d-efcr
73
vulnerability VCID-ms4e-v5zc-9kgc
74
vulnerability VCID-n7d3-j3jn-rqfc
75
vulnerability VCID-nxy4-wr2t-e7fw
76
vulnerability VCID-p3ge-1cqt-tufw
77
vulnerability VCID-pd2f-4kxt-bkgp
78
vulnerability VCID-pged-191y-quhm
79
vulnerability VCID-qabh-bpmn-1ye5
80
vulnerability VCID-qfvz-hf8h-8bb3
81
vulnerability VCID-qruy-fs4p-43h1
82
vulnerability VCID-qw4y-q2gg-akea
83
vulnerability VCID-r1ug-e8x6-83gt
84
vulnerability VCID-r4m3-9prr-dkby
85
vulnerability VCID-r5w9-cbyk-hqc6
86
vulnerability VCID-rm2q-xde7-a3ej
87
vulnerability VCID-ry6t-xcsq-4bf2
88
vulnerability VCID-rzbf-yc44-6bdb
89
vulnerability VCID-sca8-zx4m-sub6
90
vulnerability VCID-sdxf-f1b3-t3cc
91
vulnerability VCID-sgdq-5ha7-nfh2
92
vulnerability VCID-t8vm-tfnq-5kak
93
vulnerability VCID-taab-hupu-huf9
94
vulnerability VCID-tb5z-bfmc-zkgh
95
vulnerability VCID-team-9wba-yufc
96
vulnerability VCID-tgs8-3n7x-cyc1
97
vulnerability VCID-u32t-89zc-v3gj
98
vulnerability VCID-ueyy-v42v-7ydh
99
vulnerability VCID-uhc9-p93a-gbau
100
vulnerability VCID-umd1-pmr4-4bgs
101
vulnerability VCID-vsrk-zp7j-w7bk
102
vulnerability VCID-vve8-f9s9-v7ft
103
vulnerability VCID-wby4-h9ud-1yh5
104
vulnerability VCID-wwny-t2ez-y3e1
105
vulnerability VCID-wwx4-ns21-k3hd
106
vulnerability VCID-wytb-bryq-yqb4
107
vulnerability VCID-xh4x-t7he-pufq
108
vulnerability VCID-y4g2-328f-qbge
109
vulnerability VCID-yby1-g45r-rugg
110
vulnerability VCID-yc6t-am1p-x3ev
111
vulnerability VCID-yenj-fv96-pbd7
112
vulnerability VCID-ykj6-ptd4-7qfs
113
vulnerability VCID-ytd5-2swj-wkh1
114
vulnerability VCID-z29a-xpcq-p7ct
115
vulnerability VCID-z5u9-5522-h7fx
116
vulnerability VCID-zf4q-a4cz-y7dh
117
vulnerability VCID-zjqu-hbpf-9qe1
118
vulnerability VCID-zrjj-atms-8uf9
119
vulnerability VCID-ztjp-76rp-hfhk
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.10.2
Affected_packages
0
url pkg:composer/moodle/moodle@3.10.1
purl pkg:composer/moodle/moodle@3.10.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-164m-humk-1fe3
1
vulnerability VCID-17k8-g4xw-b7g9
2
vulnerability VCID-1efm-18zh-w7gm
3
vulnerability VCID-1kfj-2zwf-vbfp
4
vulnerability VCID-1wup-hjxg-f7g4
5
vulnerability VCID-21mq-pewz-ekdt
6
vulnerability VCID-233t-s5y8-4yg5
7
vulnerability VCID-29mv-feyq-guew
8
vulnerability VCID-2cdg-m3pq-ufe5
9
vulnerability VCID-2gtq-u4jg-4uck
10
vulnerability VCID-2jta-hqah-d7cf
11
vulnerability VCID-2urf-d2qr-abdy
12
vulnerability VCID-2wsu-7rzh-h7cs
13
vulnerability VCID-3mgk-4c3z-sudt
14
vulnerability VCID-3nu2-1cwj-sfdd
15
vulnerability VCID-3nvq-s7y5-fufr
16
vulnerability VCID-3yre-ft3n-2fd3
17
vulnerability VCID-44zf-1dw7-qkf5
18
vulnerability VCID-4spj-h1cc-rbfg
19
vulnerability VCID-4zvp-nmrk-4qbq
20
vulnerability VCID-57wg-wxss-jbaw
21
vulnerability VCID-5ba5-pee7-6kh1
22
vulnerability VCID-5s33-v19s-sqd6
23
vulnerability VCID-5snb-dyv3-efe9
24
vulnerability VCID-5xhb-mx3v-fuhs
25
vulnerability VCID-61ry-zz34-8qhj
26
vulnerability VCID-657g-68tv-dkam
27
vulnerability VCID-6726-ca8y-4uez
28
vulnerability VCID-6cvg-r9am-wbh5
29
vulnerability VCID-6p1s-2r14-z7ax
30
vulnerability VCID-6rc8-bs9z-5bb2
31
vulnerability VCID-7p54-yn8k-aydw
32
vulnerability VCID-7trf-g8dq-tua1
33
vulnerability VCID-893t-9cja-43g2
34
vulnerability VCID-8bzr-1mub-3ffq
35
vulnerability VCID-8uah-srba-6ubb
36
vulnerability VCID-95f1-6g3r-rkg4
37
vulnerability VCID-9rqr-xzr8-5fgf
38
vulnerability VCID-9xk9-qb9x-jfcs
39
vulnerability VCID-a1ek-x154-5ydy
40
vulnerability VCID-ajrr-8392-kkcw
41
vulnerability VCID-b3vw-8hzh-dybx
42
vulnerability VCID-bbj9-hpz3-xqhh
43
vulnerability VCID-bhfv-dn14-ukfs
44
vulnerability VCID-bju3-sj3y-83e3
45
vulnerability VCID-bu6d-ns3s-fuck
46
vulnerability VCID-cp4k-uz4a-ukh6
47
vulnerability VCID-cs5n-4bst-zfcj
48
vulnerability VCID-d92c-j4yy-fud3
49
vulnerability VCID-dky9-v96e-pubh
50
vulnerability VCID-dp61-6ban-cyda
51
vulnerability VCID-dpd2-1sqc-qqfy
52
vulnerability VCID-efq2-s2df-pqa1
53
vulnerability VCID-evef-t6cx-vqcc
54
vulnerability VCID-f1da-1duc-2uhb
55
vulnerability VCID-ffp4-23na-rkgr
56
vulnerability VCID-g3km-hbas-x3cg
57
vulnerability VCID-g9f7-787g-vyem
58
vulnerability VCID-gnez-ehgq-rfbr
59
vulnerability VCID-gwnb-e3gt-kqcb
60
vulnerability VCID-gycn-bey2-4yam
61
vulnerability VCID-gzdw-424p-mqfa
62
vulnerability VCID-heb8-damy-47e5
63
vulnerability VCID-hk13-uc46-87h1
64
vulnerability VCID-hkef-37rz-4baf
65
vulnerability VCID-hmuw-bjax-37bz
66
vulnerability VCID-hufb-p6pa-63c9
67
vulnerability VCID-hwnq-6kng-kkcx
68
vulnerability VCID-j1s3-fyue-2kfy
69
vulnerability VCID-j21p-heue-nqd9
70
vulnerability VCID-j3ts-5ghc-4qct
71
vulnerability VCID-jkyc-esnt-p3ay
72
vulnerability VCID-m2a7-q28u-1yfw
73
vulnerability VCID-m3jj-r66a-d7cv
74
vulnerability VCID-m9tk-fa8m-zbah
75
vulnerability VCID-mhh7-n7ut-hkh6
76
vulnerability VCID-mnx8-118d-efcr
77
vulnerability VCID-mqde-66zm-qbbj
78
vulnerability VCID-ms4e-v5zc-9kgc
79
vulnerability VCID-n7d3-j3jn-rqfc
80
vulnerability VCID-nxy4-wr2t-e7fw
81
vulnerability VCID-p3ge-1cqt-tufw
82
vulnerability VCID-pd2f-4kxt-bkgp
83
vulnerability VCID-pged-191y-quhm
84
vulnerability VCID-pgfa-bkaw-q7cq
85
vulnerability VCID-qabh-bpmn-1ye5
86
vulnerability VCID-qfvz-hf8h-8bb3
87
vulnerability VCID-qruy-fs4p-43h1
88
vulnerability VCID-qw4y-q2gg-akea
89
vulnerability VCID-r1ug-e8x6-83gt
90
vulnerability VCID-r4m3-9prr-dkby
91
vulnerability VCID-r5w9-cbyk-hqc6
92
vulnerability VCID-rm2q-xde7-a3ej
93
vulnerability VCID-ry6t-xcsq-4bf2
94
vulnerability VCID-rzbf-yc44-6bdb
95
vulnerability VCID-sca8-zx4m-sub6
96
vulnerability VCID-sdxf-f1b3-t3cc
97
vulnerability VCID-sgdq-5ha7-nfh2
98
vulnerability VCID-t8vm-tfnq-5kak
99
vulnerability VCID-taab-hupu-huf9
100
vulnerability VCID-tb5z-bfmc-zkgh
101
vulnerability VCID-team-9wba-yufc
102
vulnerability VCID-tgs8-3n7x-cyc1
103
vulnerability VCID-u32t-89zc-v3gj
104
vulnerability VCID-ueyy-v42v-7ydh
105
vulnerability VCID-uhc9-p93a-gbau
106
vulnerability VCID-umd1-pmr4-4bgs
107
vulnerability VCID-vsrk-zp7j-w7bk
108
vulnerability VCID-vve8-f9s9-v7ft
109
vulnerability VCID-wby4-h9ud-1yh5
110
vulnerability VCID-wwny-t2ez-y3e1
111
vulnerability VCID-wwx4-ns21-k3hd
112
vulnerability VCID-wytb-bryq-yqb4
113
vulnerability VCID-xh4x-t7he-pufq
114
vulnerability VCID-y4g2-328f-qbge
115
vulnerability VCID-yby1-g45r-rugg
116
vulnerability VCID-yc6t-am1p-x3ev
117
vulnerability VCID-yenj-fv96-pbd7
118
vulnerability VCID-ykj6-ptd4-7qfs
119
vulnerability VCID-ytd5-2swj-wkh1
120
vulnerability VCID-z29a-xpcq-p7ct
121
vulnerability VCID-z5u9-5522-h7fx
122
vulnerability VCID-zf4q-a4cz-y7dh
123
vulnerability VCID-zjqu-hbpf-9qe1
124
vulnerability VCID-zrjj-atms-8uf9
125
vulnerability VCID-ztjp-76rp-hfhk
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.10.1
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-27131
reference_id
reference_type
scores
0
value 0.00289
scoring_system epss
scoring_elements 0.52609
published_at 2026-06-08T12:55:00Z
1
value 0.00289
scoring_system epss
scoring_elements 0.52635
published_at 2026-06-07T12:55:00Z
2
value 0.00416
scoring_system epss
scoring_elements 0.62073
published_at 2026-06-05T12:55:00Z
3
value 0.00416
scoring_system epss
scoring_elements 0.6208
published_at 2026-06-06T12:55:00Z
4
value 0.00416
scoring_system epss
scoring_elements 0.62024
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-27131
1
reference_url https://docs.moodle.org/402/en/Risks
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.moodle.org/402/en/Risks
2
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
3
reference_url https://github.com/p4nk4jv/CVEs-Assigned/blob/master/Moodle-3.10.1-CVE-2021-27131.md
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/p4nk4jv/CVEs-Assigned/blob/master/Moodle-3.10.1-CVE-2021-27131.md
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-27131
reference_id CVE-2021-27131
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-27131
5
reference_url https://github.com/advisories/GHSA-w2pm-fr62-jgv4
reference_id GHSA-w2pm-fr62-jgv4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w2pm-fr62-jgv4
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 79
name Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
description The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_score4.0 - 6.9
Exploitability0.5
Weighted_severity6.2
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-bu6d-ns3s-fuck