Moodle Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2021-27131 - Vulnerability Database

Medium
Reference: CVE-2021-27131
Title: Moodle Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

Moodle 3.10.1 is vulnerable to persistent/stored cross-site scripting (XSS) due to improper input sanitization on the "Additional HTML Section" via the "Header and Footer" parameter in /admin/settings.php. This vulnerability allows an attacker to steal admin and all user account cookies by storing a malicious XSS payload in Header and Footer.