{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45219?format=json","vulnerability_id":"VCID-bu6d-ns3s-fuck","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nMoodle 3.10.1 is vulnerable to persistent/stored cross-site scripting (XSS) due to improper input sanitization of the \"Additional HTML Section\" via the \"Header and Footer\" parameter in /admin/settings.php. This vulnerability allows an attacker to steal admin and all user account cookies by storing a malicious XSS payload in Header and Footer.","aliases":[{"alias":"CVE-2021-27131"},{"alias":"GHSA-w2pm-fr62-jgv4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65140?format=json","purl":"pkg:composer/moodle/moodle@3.10.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-164m-humk-1fe3"},{"vulnerability":"VCID-17k8-g4xw-b7g9"},{"vulnerability":"VCID-1efm-18zh-w7gm"},{"vulnerability":"VCID-1kfj-2zwf-vbfp"},{"vulnerability":"VCID-1wup-hjxg-f7g4"},{"vulnerability":"VCID-21mq-pewz-ekdt"},{"vulnerability":"VCID-233t-s5y8-4yg5"},{"vulnerability":"VCID-29mv-feyq-guew"},{"vulnerability":"VCID-2cdg-m3pq-ufe5"},{"vulnerability":"VCID-2gtq-u4jg-4uck"},{"vulnerability":"VCID-2jta-hqah-d7cf"},{"vulnerability":"VCID-2urf-d2qr-abdy"},{"vulnerability":"VCID-2wsu-7rzh-h7cs"},{"vulnerability":"VCID-3mgk-4c3z-sudt"},{"vulnerability":"VCID-3nu2-1cwj-sfdd"},{"vulnerability":"VCID-3nvq-s7y5-fufr"},{"vulnerability":"VCID-3yre-ft3n-2fd3"},{"vulnerability":"VCID-44zf-1dw7-qkf5"},{"vulnerability":"VCID-4spj-h1cc-rbfg"},{"vulnerability":"VCID-4zvp-nmrk-4qbq"},{"vulnerability":"VCID-57wg-wxss-jbaw"},{"vulnerability":"VCID-5ba5-pee7-6kh1"},{"vulnerability":"VCID-5s33-v19s-sqd6"},{"vulnerability":"VCID-5snb-dyv3-efe9"},{"vulnerability":"VCID-5xhb-mx3v-fuhs"},{"vulnerability":"VCID-61ry-zz34-8qhj"},{"vulnerability":"VCID-657g-68tv-dkam"},{"vulnerability":"VCID-6726-ca8y-4uez"},{"vulnerability":"VCID-6cvg-r9am-wbh5"},{"vulnera
bility":"VCID-6p1s-2r14-z7ax"},{"vulnerability":"VCID-6rc8-bs9z-5bb2"},{"vulnerability":"VCID-7p54-yn8k-aydw"},{"vulnerability":"VCID-7trf-g8dq-tua1"},{"vulnerability":"VCID-893t-9cja-43g2"},{"vulnerability":"VCID-8bzr-1mub-3ffq"},{"vulnerability":"VCID-8uah-srba-6ubb"},{"vulnerability":"VCID-95f1-6g3r-rkg4"},{"vulnerability":"VCID-9rqr-xzr8-5fgf"},{"vulnerability":"VCID-9xk9-qb9x-jfcs"},{"vulnerability":"VCID-a1ek-x154-5ydy"},{"vulnerability":"VCID-ajrr-8392-kkcw"},{"vulnerability":"VCID-b3vw-8hzh-dybx"},{"vulnerability":"VCID-bhfv-dn14-ukfs"},{"vulnerability":"VCID-bju3-sj3y-83e3"},{"vulnerability":"VCID-cp4k-uz4a-ukh6"},{"vulnerability":"VCID-cs5n-4bst-zfcj"},{"vulnerability":"VCID-d92c-j4yy-fud3"},{"vulnerability":"VCID-dky9-v96e-pubh"},{"vulnerability":"VCID-dp61-6ban-cyda"},{"vulnerability":"VCID-efq2-s2df-pqa1"},{"vulnerability":"VCID-evef-t6cx-vqcc"},{"vulnerability":"VCID-f1da-1duc-2uhb"},{"vulnerability":"VCID-ffp4-23na-rkgr"},{"vulnerability":"VCID-g3km-hbas-x3cg"},{"vulnerability":"VCID-g9f7-787g-vyem"},{"vulnerability":"VCID-gwnb-e3gt-kqcb"},{"vulnerability":"VCID-gycn-bey2-4yam"},{"vulnerability":"VCID-gzdw-424p-mqfa"},{"vulnerability":"VCID-heb8-damy-47e5"},{"vulnerability":"VCID-hk13-uc46-87h1"},{"vulnerability":"VCID-hkef-37rz-4baf"},{"vulnerability":"VCID-hmuw-bjax-37bz"},{"vulnerability":"VCID-hufb-p6pa-63c9"},{"vulnerability":"VCID-hwnq-6kng-kkcx"},{"vulnerability":"VCID-j1s3-fyue-2kfy"},{"vulnerability":"VCID-j21p-heue-nqd9"},{"vulnerability":"VCID-j3ts-5ghc-4qct"},{"vulnerability":"VCID-jkyc-esnt-p3ay"},{"vulnerability":"VCID-m2a7-q28u-1yfw"},{"vulnerability":"VCID-m3jj-r66a-d7cv"},{"vulnerability":"VCID-m9tk-fa8m-zbah"},{"vulnerability":"VCID-mhh7-n7ut-hkh6"},{"vulnerability":"VCID-mnx8-118d-efcr"},{"vulnerability":"VCID-ms4e-v5zc-9kgc"},{"vulnerability":"VCID-n7d3-j3jn-rqfc"},{"vulnerability":"VCID-nxy4-wr2t-e7fw"},{"vulnerability":"VCID-p3ge-1cqt-tufw"},{"vulnerability":"VCID-pd2f-4kxt-bkgp"},{"vulnerability":"VCID-pged-191y-quhm"},{"vulnera
bility":"VCID-qabh-bpmn-1ye5"},{"vulnerability":"VCID-qfvz-hf8h-8bb3"},{"vulnerability":"VCID-qruy-fs4p-43h1"},{"vulnerability":"VCID-qw4y-q2gg-akea"},{"vulnerability":"VCID-r1ug-e8x6-83gt"},{"vulnerability":"VCID-r4m3-9prr-dkby"},{"vulnerability":"VCID-r5w9-cbyk-hqc6"},{"vulnerability":"VCID-rm2q-xde7-a3ej"},{"vulnerability":"VCID-ry6t-xcsq-4bf2"},{"vulnerability":"VCID-rzbf-yc44-6bdb"},{"vulnerability":"VCID-sca8-zx4m-sub6"},{"vulnerability":"VCID-sdxf-f1b3-t3cc"},{"vulnerability":"VCID-sgdq-5ha7-nfh2"},{"vulnerability":"VCID-t8vm-tfnq-5kak"},{"vulnerability":"VCID-taab-hupu-huf9"},{"vulnerability":"VCID-tb5z-bfmc-zkgh"},{"vulnerability":"VCID-team-9wba-yufc"},{"vulnerability":"VCID-tgs8-3n7x-cyc1"},{"vulnerability":"VCID-u32t-89zc-v3gj"},{"vulnerability":"VCID-ueyy-v42v-7ydh"},{"vulnerability":"VCID-uhc9-p93a-gbau"},{"vulnerability":"VCID-umd1-pmr4-4bgs"},{"vulnerability":"VCID-vsrk-zp7j-w7bk"},{"vulnerability":"VCID-vve8-f9s9-v7ft"},{"vulnerability":"VCID-wby4-h9ud-1yh5"},{"vulnerability":"VCID-wwny-t2ez-y3e1"},{"vulnerability":"VCID-wwx4-ns21-k3hd"},{"vulnerability":"VCID-wytb-bryq-yqb4"},{"vulnerability":"VCID-xh4x-t7he-pufq"},{"vulnerability":"VCID-y4g2-328f-qbge"},{"vulnerability":"VCID-yby1-g45r-rugg"},{"vulnerability":"VCID-yc6t-am1p-x3ev"},{"vulnerability":"VCID-yenj-fv96-pbd7"},{"vulnerability":"VCID-ykj6-ptd4-7qfs"},{"vulnerability":"VCID-ytd5-2swj-wkh1"},{"vulnerability":"VCID-z29a-xpcq-p7ct"},{"vulnerability":"VCID-z5u9-5522-h7fx"},{"vulnerability":"VCID-zf4q-a4cz-y7dh"},{"vulnerability":"VCID-zjqu-hbpf-9qe1"},{"vulnerability":"VCID-zrjj-atms-8uf9"},{"vulnerability":"VCID-ztjp-76rp-hfhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.10.2"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65139?format=json","purl":"pkg:composer/moodle/moodle@3.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-164m-humk-1fe3"},{"vulnerability":"VCID-17k8-g4xw-b7g9"},{"vu
lnerability":"VCID-1efm-18zh-w7gm"},{"vulnerability":"VCID-1kfj-2zwf-vbfp"},{"vulnerability":"VCID-1wup-hjxg-f7g4"},{"vulnerability":"VCID-21mq-pewz-ekdt"},{"vulnerability":"VCID-233t-s5y8-4yg5"},{"vulnerability":"VCID-29mv-feyq-guew"},{"vulnerability":"VCID-2cdg-m3pq-ufe5"},{"vulnerability":"VCID-2gtq-u4jg-4uck"},{"vulnerability":"VCID-2jta-hqah-d7cf"},{"vulnerability":"VCID-2urf-d2qr-abdy"},{"vulnerability":"VCID-2wsu-7rzh-h7cs"},{"vulnerability":"VCID-3mgk-4c3z-sudt"},{"vulnerability":"VCID-3nu2-1cwj-sfdd"},{"vulnerability":"VCID-3nvq-s7y5-fufr"},{"vulnerability":"VCID-3yre-ft3n-2fd3"},{"vulnerability":"VCID-44zf-1dw7-qkf5"},{"vulnerability":"VCID-4spj-h1cc-rbfg"},{"vulnerability":"VCID-4zvp-nmrk-4qbq"},{"vulnerability":"VCID-57wg-wxss-jbaw"},{"vulnerability":"VCID-5ba5-pee7-6kh1"},{"vulnerability":"VCID-5s33-v19s-sqd6"},{"vulnerability":"VCID-5snb-dyv3-efe9"},{"vulnerability":"VCID-5xhb-mx3v-fuhs"},{"vulnerability":"VCID-61ry-zz34-8qhj"},{"vulnerability":"VCID-657g-68tv-dkam"},{"vulnerability":"VCID-6726-ca8y-4uez"},{"vulnerability":"VCID-6cvg-r9am-wbh5"},{"vulnerability":"VCID-6p1s-2r14-z7ax"},{"vulnerability":"VCID-6rc8-bs9z-5bb2"},{"vulnerability":"VCID-7p54-yn8k-aydw"},{"vulnerability":"VCID-7trf-g8dq-tua1"},{"vulnerability":"VCID-893t-9cja-43g2"},{"vulnerability":"VCID-8bzr-1mub-3ffq"},{"vulnerability":"VCID-8uah-srba-6ubb"},{"vulnerability":"VCID-95f1-6g3r-rkg4"},{"vulnerability":"VCID-9rqr-xzr8-5fgf"},{"vulnerability":"VCID-9xk9-qb9x-jfcs"},{"vulnerability":"VCID-a1ek-x154-5ydy"},{"vulnerability":"VCID-ajrr-8392-kkcw"},{"vulnerability":"VCID-b3vw-8hzh-dybx"},{"vulnerability":"VCID-bbj9-hpz3-xqhh"},{"vulnerability":"VCID-bhfv-dn14-ukfs"},{"vulnerability":"VCID-bju3-sj3y-83e3"},{"vulnerability":"VCID-bu6d-ns3s-fuck"},{"vulnerability":"VCID-cp4k-uz4a-ukh6"},{"vulnerability":"VCID-cs5n-4bst-zfcj"},{"vulnerability":"VCID-d92c-j4yy-fud3"},{"vulnerability":"VCID-dky9-v96e-pubh"},{"vulnerability":"VCID-dp61-6ban-cyda"},{"vulnerability":"VCID-dpd2-1sqc-qqfy"},{"vu
lnerability":"VCID-efq2-s2df-pqa1"},{"vulnerability":"VCID-evef-t6cx-vqcc"},{"vulnerability":"VCID-f1da-1duc-2uhb"},{"vulnerability":"VCID-ffp4-23na-rkgr"},{"vulnerability":"VCID-g3km-hbas-x3cg"},{"vulnerability":"VCID-g9f7-787g-vyem"},{"vulnerability":"VCID-gnez-ehgq-rfbr"},{"vulnerability":"VCID-gwnb-e3gt-kqcb"},{"vulnerability":"VCID-gycn-bey2-4yam"},{"vulnerability":"VCID-gzdw-424p-mqfa"},{"vulnerability":"VCID-heb8-damy-47e5"},{"vulnerability":"VCID-hk13-uc46-87h1"},{"vulnerability":"VCID-hkef-37rz-4baf"},{"vulnerability":"VCID-hmuw-bjax-37bz"},{"vulnerability":"VCID-hufb-p6pa-63c9"},{"vulnerability":"VCID-hwnq-6kng-kkcx"},{"vulnerability":"VCID-j1s3-fyue-2kfy"},{"vulnerability":"VCID-j21p-heue-nqd9"},{"vulnerability":"VCID-j3ts-5ghc-4qct"},{"vulnerability":"VCID-jkyc-esnt-p3ay"},{"vulnerability":"VCID-m2a7-q28u-1yfw"},{"vulnerability":"VCID-m3jj-r66a-d7cv"},{"vulnerability":"VCID-m9tk-fa8m-zbah"},{"vulnerability":"VCID-mhh7-n7ut-hkh6"},{"vulnerability":"VCID-mnx8-118d-efcr"},{"vulnerability":"VCID-mqde-66zm-qbbj"},{"vulnerability":"VCID-ms4e-v5zc-9kgc"},{"vulnerability":"VCID-n7d3-j3jn-rqfc"},{"vulnerability":"VCID-nxy4-wr2t-e7fw"},{"vulnerability":"VCID-p3ge-1cqt-tufw"},{"vulnerability":"VCID-pd2f-4kxt-bkgp"},{"vulnerability":"VCID-pged-191y-quhm"},{"vulnerability":"VCID-pgfa-bkaw-q7cq"},{"vulnerability":"VCID-qabh-bpmn-1ye5"},{"vulnerability":"VCID-qfvz-hf8h-8bb3"},{"vulnerability":"VCID-qruy-fs4p-43h1"},{"vulnerability":"VCID-qw4y-q2gg-akea"},{"vulnerability":"VCID-r1ug-e8x6-83gt"},{"vulnerability":"VCID-r4m3-9prr-dkby"},{"vulnerability":"VCID-r5w9-cbyk-hqc6"},{"vulnerability":"VCID-rm2q-xde7-a3ej"},{"vulnerability":"VCID-ry6t-xcsq-4bf2"},{"vulnerability":"VCID-rzbf-yc44-6bdb"},{"vulnerability":"VCID-sca8-zx4m-sub6"},{"vulnerability":"VCID-sdxf-f1b3-t3cc"},{"vulnerability":"VCID-sgdq-5ha7-nfh2"},{"vulnerability":"VCID-t8vm-tfnq-5kak"},{"vulnerability":"VCID-taab-hupu-huf9"},{"vulnerability":"VCID-tb5z-bfmc-zkgh"},{"vulnerability":"VCID-team-9wba-yufc"},{"vu
lnerability":"VCID-tgs8-3n7x-cyc1"},{"vulnerability":"VCID-u32t-89zc-v3gj"},{"vulnerability":"VCID-ueyy-v42v-7ydh"},{"vulnerability":"VCID-uhc9-p93a-gbau"},{"vulnerability":"VCID-umd1-pmr4-4bgs"},{"vulnerability":"VCID-vsrk-zp7j-w7bk"},{"vulnerability":"VCID-vve8-f9s9-v7ft"},{"vulnerability":"VCID-wby4-h9ud-1yh5"},{"vulnerability":"VCID-wwny-t2ez-y3e1"},{"vulnerability":"VCID-wwx4-ns21-k3hd"},{"vulnerability":"VCID-wytb-bryq-yqb4"},{"vulnerability":"VCID-xh4x-t7he-pufq"},{"vulnerability":"VCID-y4g2-328f-qbge"},{"vulnerability":"VCID-yby1-g45r-rugg"},{"vulnerability":"VCID-yc6t-am1p-x3ev"},{"vulnerability":"VCID-yenj-fv96-pbd7"},{"vulnerability":"VCID-ykj6-ptd4-7qfs"},{"vulnerability":"VCID-ytd5-2swj-wkh1"},{"vulnerability":"VCID-z29a-xpcq-p7ct"},{"vulnerability":"VCID-z5u9-5522-h7fx"},{"vulnerability":"VCID-zf4q-a4cz-y7dh"},{"vulnerability":"VCID-zjqu-hbpf-9qe1"},{"vulnerability":"VCID-zrjj-atms-8uf9"},{"vulnerability":"VCID-ztjp-76rp-hfhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.10.1"}],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-27131","reference_id":"","reference_type":"","scores":[{"value":"0.00289","scoring_system":"epss","scoring_elements":"0.52635","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00416","scoring_system":"epss","scoring_elements":"0.62024","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00416","scoring_system":"epss","scoring_elements":"0.6208","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00416","scoring_system":"epss","scoring_elements":"0.62073","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-27131"},{"reference_url":"https://docs.moodle.org/402/en/Risks","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https:
//docs.moodle.org/402/en/Risks"},{"reference_url":"https://github.com/moodle/moodle","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moodle/moodle"},{"reference_url":"https://github.com/p4nk4jv/CVEs-Assigned/blob/master/Moodle-3.10.1-CVE-2021-27131.md","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/p4nk4jv/CVEs-Assigned/blob/master/Moodle-3.10.1-CVE-2021-27131.md"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-27131","reference_id":"CVE-2021-27131","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-27131"},{"reference_url":"https://github.com/advisories/GHSA-w2pm-fr62-jgv4","reference_id":"GHSA-w2pm-fr62-jgv4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w2pm-fr62-jgv4"}],"weaknesses":[{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":79,"name":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","description":"The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users."},{"cwe_id":937,"name":"OWASP Top Ten 2013 
Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."}],"exploits":[],"severity_range_score":"4.0 - 6.9","exploitability":"0.5","weighted_severity":"6.2","risk_score":3.1,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bu6d-ns3s-fuck"}