
CVE-2019-18210: Moodle Persistent Cross-site Scripting (XSS)

CVSS Score (v3.1): 5.4

Basic Information

EPSS Score: 0.62251%
Published: 5/24/2022
Updated: 5/3/2024
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Package Name    Ecosystem    Vulnerable Versions    First Patched Version
moodle/moodle   composer     >= 3.7, <= 3.7.2       -

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability stems from insufficient input sanitization in the module editing workflow. While client-side filtering exists via the TinyMCE editor, the server-side processing in modedit.php's update_moduleinfo function accepts raw HTML from the introeditor[text] parameter and stores it without proper neutralization. This allows an authenticated teacher to persist arbitrary JavaScript that executes whenever another user views the course module. The file path and function are explicitly tied to the vulnerable endpoint described in the CVE/GHSA documentation, and the attack vector matches the described parameter injection pattern.
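The server-side gap described above, as an added illustration that is not Moodle's code: a hypothetical `sanitize_intro_html()` that applies an element and attribute allowlist to the submitted introeditor[text] value before it is stored, instead of accepting the raw HTML. The function and constant names and the allowlist contents are assumptions; Moodle's own helpers are not reproduced here.

```php
<?php
// Added illustration, not Moodle's code; names and the allowlist are hypothetical.
// Tags and per-tag attributes a course description legitimately needs.
const ALLOWED_TAGS  = ['p', 'br', 'b', 'i', 'em', 'strong', 'ul', 'ol', 'li', 'a', 'img'];
const ALLOWED_ATTRS = ['a' => ['href', 'title'], 'img' => ['src', 'alt']];

function sanitize_intro_html(string $html): string
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);   // tolerate sloppy editor markup
    $doc->loadHTML('<?xml encoding="utf-8"?><div>' . $html . '</div>',
                   LIBXML_HTML_NOIMPLIED | LIBXML_HTML_NODEFDTD);
    libxml_clear_errors();
    $wrapper = $doc->getElementsByTagName('div')->item(0);
    if ($wrapper === null) { return ''; }
    sanitize_node($wrapper);
    $out = '';
    foreach ($wrapper->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

function sanitize_node(DOMNode $node): void
{
    // Iterate over a snapshot: removing children mutates the live NodeList.
    foreach (iterator_to_array($node->childNodes) as $child) {
        if (!$child instanceof DOMElement) { continue; }   // text nodes stay as text
        $tag = strtolower($child->tagName);
        if (!in_array($tag, ALLOWED_TAGS, true)) {
            $node->removeChild($child);   // drops <script>, <iframe>, <svg>, ...
            continue;
        }
        foreach (iterator_to_array($child->attributes) as $attr) {
            $name  = strtolower($attr->name);
            // Strip whitespace/control chars first so "java\tscript:" is caught.
            $value = preg_replace('/[\x00-\x20]+/', '', $attr->value);
            if (!in_array($name, ALLOWED_ATTRS[$tag] ?? [], true)
                || preg_match('/^(javascript|vbscript|data):/i', $value)) {
                $child->removeAttribute($attr->name);   // on*, style, script URLs
            }
        }
        sanitize_node($child);   // recurse into allowed elements
    }
}

// Vulnerable shape: the POSTed rich text is stored and later rendered as-is.
$raw  = $_POST['introeditor']['text'] ?? '';
// Hardened shape: sanitize before storage, and filter again at render time.
$safe = sanitize_intro_html($raw);
```

Sanitizing on input is not a substitute for output filtering; the stored value should still pass through the same allowlist when rendered, so that content saved before the fix is neutralized too.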

WAF Protection Rules

WAF Rule

Persistent XSS in `/course/modedit.php` of Moodle through 3.7.2 allows authenticated users (Teacher and above) to inject JavaScript into the session of another user (e.g., enrolled student or site administrator) via the introeditor[text] parameter.
