Miggo Logo

CVE-2021-36398: Moodle Cross-site Scripting vulnerability

5.4

CVSS Score
3.1

Basic Information

EPSS Score
0.71865%
Published
3/7/2023
Updated
3/13/2023
KEV Status
No
Technology
TechnologyPHP

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
moodle/moodlecomposer= 3.113.11.1

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from insufficient output sanitization in the web service token display. Moodle's security advisory (MSA-21-0026) specifically mentions ID numbers in the token list required additional sanitizing. The token management interface (admin/webservice/tokens.php) would be the logical location for rendering this data. Moodle typically uses format_string() or other output filters for XSS protection, and the vulnerability suggests this sanitization was missing in the token list rendering function. The high confidence comes from the direct correlation between the vulnerability description and the token management interface's responsibility to display user-supplied ID numbers.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

In Moo*l*, I* num**rs *ispl*y** in t** w** s*rvi** tok*n list r*quir** ***ition*l s*nitizin* to pr*v*nt * stor** XSS risk.

Reasoning

T** vuln*r**ility st*ms *rom insu**i*i*nt output s*nitiz*tion in t** w** s*rvi** tok*n *ispl*y. Moo*l*'s s**urity **visory (MS*-**-****) sp**i*i**lly m*ntions I* num**rs in t** tok*n list r*quir** ***ition*l s*nitizin*. T** tok*n m*n***m*nt int*r****