CVE-2021-36568: Moodle Cross-site Scripting vulnerability

CVSS Score: 5.4 (CVSS 3.1)

Basic Information

EPSS Score: 0.38737%
Published: 9/14/2022
Updated: 1/30/2023
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
| --- | --- | --- | --- |
| moodle/moodle | composer | <= 3.9.7 | |
| moodle/moodle | composer | >= 3.10.0, <= 3.10.4 | |
| moodle/moodle | composer | >= 3.11.0, < 3.11.10 | 3.11.10 |

Vulnerability Intelligence
Root Cause Analysis

The vulnerability stems from improper input sanitization in Database activity text fields. Key points:

  1. The attack requires storing an XSS payload in field metadata ('Field name'/'description'), which implicates the field persistence logic (update_field).
  2. The XSS triggers in the search interface, indicating insecure output handling in display functions (display_search_field).
  3. Moodle's architecture typically handles field storage in field.class.php and rendering in related methods. The pattern matches known XSS vulnerabilities where storage and display layers both lack sanitization.
