Moodle 3.10.1 - Persistent/Stored Cross-Site Scripting (XSS)
Persistent/Stored Cross-Site Scripting (XSS) vulnerabilities found in Moodle version 3.10.1.
Description:-
Moodle 3.10.1 is vulnerable to Stored Cross-Site Scripting (XSS) due to improper input sanitization in the "Additional HTML Section" of the /admin/settings.php page. This vulnerability could allow an attacker to inject malicious JavaScript code into the "Header" & "Footer" fields and perform a Stored Cross-Site Scripting (XSS) attack against the application.
Steps To Reproduce:-
- Navigate to `http://127.0.0.1/` and log in with Admin credentials.
- Now, navigate to the `Site Administration > Appearance > Additional HTML` section.
- Insert the following JavaScript payload `<script>alert(document.cookie)</script>` into the Header and Footer fields and save the settings.
- Observe the payload getting executed on all pages of the application.
Reference: CVE-2021-27131
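
Because a value saved in these fields is rendered on every page, a defender can audit what is currently stored there. The following is an added example, not code from the advisory or from Moodle: it parses exported setting values and reports script-capable markup. The setting names `additionalhtmlhead`, `additionalhtmltopofbody` and `additionalhtmlfooter` and the `(name, value)` row format are assumptions, and the sample rows are constructed.

```python
from html.parser import HTMLParser

# Assumed Moodle config names for the Additional HTML fields (not given on the page).
WATCHED = {"additionalhtmlhead", "additionalhtmltopofbody", "additionalhtmlfooter"}
ACTIVE_TAGS = {"script", "iframe", "object", "embed"}
URL_ATTRS = {"href", "src", "action", "formaction"}

class ActiveContentFinder(HTMLParser):
    """Records markup that can run script when the setting is rendered into a page."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names before calling this.
        if tag in ACTIVE_TAGS:
            self.findings.append(f"<{tag}> element")
        for name, value in attrs:
            value = (value or "").strip().lower()
            if name.startswith("on"):
                self.findings.append(f"{name} handler on <{tag}>")
            elif name in URL_ATTRS and value.startswith("javascript:"):
                self.findings.append(f"javascript: URL in {name} on <{tag}>")

def audit_additional_html(rows):
    """rows: iterable of (setting_name, value); returns {setting_name: [findings]}."""
    report = {}
    for name, value in rows:
        if name not in WATCHED or not value:
            continue
        finder = ActiveContentFinder()
        finder.feed(value)
        finder.close()
        if finder.findings:
            report[name] = finder.findings
    return report

# Constructed sample rows standing in for an export of the site configuration.
SAMPLE_ROWS = [
    ("additionalhtmlhead", "<script>alert(document.cookie)</script>"),
    ("additionalhtmlfooter", '<p>(c) Example School</p><img src="logo.png" onerror="x()">'),
    ("additionalhtmltopofbody", '<div class="banner">Welcome</div>'),
    ("sitename", "<script>not a watched setting</script>"),
]

if __name__ == "__main__":
    for setting, findings in audit_additional_html(SAMPLE_ROWS).items():
        print(setting, "->", ", ".join(findings))
```

A finding is a prompt to review who saved the value and when, since these fields accept raw HTML and may hold script that was added deliberately.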