The vulnerability in the virtual learning environment Moodle, related to the lack of measures taken to protect the structure of web pages, allows attackers to carry out XSS attacks.

🗓️ 29 May 2024 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

Moodle vulnerability due to missing page structure protections enables attackers to perform cross-site scripting.

Reporter	Title	Published	Views	Family All 34
CNNVD	Moodle Security Breach	31 May 202400:00	–	cnnvd
CVE	CVE-2024-33998	31 May 202419:46	–	cve
Cvelist	CVE-2024-33998 moodle: stored XSS via user's name on participants page when opening some options	31 May 202419:46	–	cvelist
EUVD	EUVD-2024-1870	3 Oct 202520:07	–	euvd
Github Security Blog	Moodle Cross-site Scripting (XSS)	31 May 202421:30	–	github
NVD	CVE-2024-33998	31 May 202420:15	–	nvd
OpenVAS	Moodle < 4.1.10, 4.2.x < 4.2.7, 4.3.x < 4.3.4 Multiple Vulnerabilities	14 May 202400:00	–	openvas
OSV	BIT-MOODLE-2024-33998 moodle: stored XSS via user's name on participants page when opening some options	31 May 202505:57	–	osv
OSV	GHSA-XQHH-253W-4Q5F Moodle Cross-site Scripting (XSS)	31 May 202421:30	–	osv
OSV	UBUNTU-CVE-2024-33998	31 May 202420:15	–	osv

Source	Link
moodle	www.moodle.org/mod/forum/discuss.php
git	www.git.moodle.org/gw
cybersecurity-help	www.cybersecurity-help.cz/vdb/SB2024051524
web	www.web.nvd.nist.gov/view/vuln/detail

28 Nov 2024 00:00Current

5.8Medium risk

Vulners AI Score5.8

CVSS 26.8

CVSS 36.8

EPSS0.00367

Moodle cross site scripting web page structure vulnerability