
CVE-2021-36401: Moodle vulnerable to Stored Cross-site Scripting

CVSS Score (v3.1): 4.8

Basic Information

EPSS Score: 0.33437%
Published: 3/7/2023
Updated: 3/13/2023
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Package Name | Ecosystem | Vulnerable Versions | First Patched Version
moodle/moodle | composer | >= 3.11.0-beta, < 3.11.1 | 3.11.1
moodle/moodle | composer | >= 3.10.0-beta, < 3.10.5 | 3.10.5
moodle/moodle | composer | < 3.9.8 | 3.9.8

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The vulnerability stems from insufficient output encoding when exporting ID numbers to HTML data formats. This assessment is based on the following: 1) the advisory specifically mentions HTML export handlers; 2) the XSS occurs in downloaded files rather than in the web UI; 3) Moodle's dataformat architecture uses format-specific writers; 4) the CWE-79 classification indicates missing output encoding. While exact patch details are unavailable, Moodle's dataformat components that handle HTML table generation (particularly ID number fields) would logically require sanitization that was missing in vulnerable versions.
