
Cloud Vulnerability DB
A community-led vulnerabilities database
Moodle 3.10.1 was reported to have a persistent/stored cross-site scripting (XSS) vulnerability in the 'Additional HTML Section' via the 'Header and Footer' parameter in /admin/settings.php. This vulnerability was disclosed on May 16, 2023. However, this vulnerability is disputed by the vendor because the 'Additional HTML Section' for 'Header and Footer' can only be supplied by an administrator, who is intentionally allowed to enter unsanitized input like site-specific JavaScript (NVD).
The vulnerability was reported to allow injection of malicious JavaScript code into the 'Header' and 'Footer' fields of the Additional HTML section. When exploited, the malicious payload would execute on all pages of the application. The vulnerability has a CVSS v3.1 Base Score of 5.4 (MEDIUM) with vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N (NVD).
The reported impact would allow an attacker to steal admin and all user account cookies by storing malicious XSS payload in the Header and Footer sections. However, since this functionality is restricted to administrators who are intentionally given the ability to add custom JavaScript, the actual security impact is disputed (NVD).
Since this is a disputed vulnerability and the behavior is by design (administrators are intentionally allowed to add custom JavaScript), no specific mitigation is required. Organizations should ensure that only trusted administrators have access to modify the Additional HTML sections (Moodle Risks).
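Because the fields are meant to hold administrator-supplied script, the practical control is change monitoring rather than sanitization: record a baseline of the approved Additional HTML values and alert when they change or gain active content. The following is an added example, not code from Moodle or from this database; it runs over a constructed dump of the relevant config values. The setting names (`additionalhtmlhead`, `additionalhtmltopofbody`, `additionalhtmlfooter`, `additionalhtmlfootnote`) are the Moodle config keys as the author understands them and should be confirmed against your own instance's config table.

```python
"""Baseline check for Moodle's administrator-controlled Additional HTML settings.

Added example (not Moodle's own code). Compares each Additional HTML value against
an approved baseline of SHA-256 digests and flags anything new or changed, noting
whether the value carries active content (script tags, inline event handlers,
javascript: URLs).
"""
import hashlib
import re

# Assumed Moodle config keys for the Additional HTML fields; verify on your instance.
ADDITIONAL_HTML_KEYS = (
    "additionalhtmlhead",
    "additionalhtmltopofbody",
    "additionalhtmlfooter",
    "additionalhtmlfootnote",
)

# Markers of active content worth a closer look when a field changes.
ACTIVE_CONTENT_RE = re.compile(r"<script\b|\bon[a-z]+\s*=|javascript:", re.IGNORECASE)


def digest(value):
    """SHA-256 hex digest of a setting value, used as the baseline fingerprint."""
    return hashlib.sha256(value.encode("utf-8")).hexdigest()


def audit_additional_html(config, baseline):
    """Return a list of findings for fields that are absent from or differ from the baseline.

    config:   mapping of setting name -> current value (e.g. exported from the config table)
    baseline: mapping of setting name -> approved SHA-256 digest
    """
    findings = []
    for key in ADDITIONAL_HTML_KEYS:
        value = config.get(key, "")
        approved = baseline.get(key)
        if approved is None:
            if not value:
                continue  # unset field with no baseline: nothing to report
            reason = "not in baseline"
        elif digest(value) == approved:
            continue  # matches the approved value
        else:
            reason = "differs from baseline"
        findings.append({
            "setting": key,
            "reason": reason,
            "active_content": bool(ACTIVE_CONTENT_RE.search(value)),
            "sha256": digest(value),
        })
    return findings


# Constructed sample: current values and the baseline an administrator signed off on.
SAMPLE_CONFIG = {
    "additionalhtmlhead": '<link rel="stylesheet" href="/theme/custom.css">',
    "additionalhtmlfooter": '<script src="https://example.invalid/unapproved.js"></script>',
    "additionalhtmltopofbody": "",
}
SAMPLE_BASELINE = {
    "additionalhtmlhead": digest('<link rel="stylesheet" href="/theme/custom.css">'),
    "additionalhtmltopofbody": digest(""),
}

if __name__ == "__main__":
    for finding in audit_additional_html(SAMPLE_CONFIG, SAMPLE_BASELINE):
        print(finding)
```

In the sample, the head field matches its baseline and is silent, while the footer field, which holds a script that was never approved, produces a single finding with `active_content` set. Feed the function the real values exported from the config table and store the baseline digests outside Moodle so that an administrator account alone cannot silently update both.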
Source: This report was generated using AI