CVE-2024-43439

🗓️ 11 Nov 2024 16:00:39Reported by fedoraType

Flaw in Moodle H5P error messages exposes XSS ris

Reporter	Title	Published	Views	Family All 50
BDU FSTEC	The vulnerability in the virtual learning environment Moodle arises from the lack of measures taken to protect the structure of web pages. This allows attackers to carry out attacks using cross-site scripting (XSS).	25 Nov 202400:00	–	bdu_fstec
Circl	CVE-2024-43439	11 Nov 202416:04	–	circl
CNNVD	Moodle 安全漏洞	11 Nov 202400:00	–	cnnvd
Cvelist	CVE-2024-43439 Moodle: reflected xss via h5p error message	11 Nov 202416:00	–	cvelist
EUVD	EUVD-2024-40278	3 Oct 202520:07	–	euvd
Github Security Blog	Moodle reflected XSS via H5P error message	11 Nov 202418:30	–	github
NVD	CVE-2024-43439	11 Nov 202416:15	–	nvd
OpenVAS	Moodle < 4.1.12, 4.2.x < 4.2.9, 4.3.x < 4.3.6, 4.4.x < 4.4.2 Multiple Vulnerabilities	21 Aug 202400:00	–	openvas
OSV	BIT-MOODLE-2024-43439 Moodle: reflected xss via h5p error message	24 Apr 202507:29	–	osv
OSV	GHSA-HJGC-JXJC-8V9J Moodle reflected XSS via H5P error message	11 Nov 202418:30	–	osv

NVD

Node

moodle moodleRange<4.1.12

moodle moodleRange4.2.0–4.2.9

moodle moodleRange4.3.0–4.3.6

moodle moodleRange4.4.0–4.4.2

[
  {
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "4.1.12",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "4.2",
        "lessThan": "4.2.9",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "4.3",
        "lessThan": "4.3.6",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "4.4",
        "lessThan": "4.4.2",
        "versionType": "semver"
      }
    ],
    "packageName": "moodle",
    "collectionURL": "https://github.com/moodle/moodle",
    "defaultStatus": "unaffected"
  }
]

Source	Link
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
moodle	www.moodle.org/mod/forum/discuss.php

23 Apr 2025 21:26Current

5.1Medium risk

Vulners AI Score5.1

CVSS 3.15.4 - 6.1

EPSS0.0129

SSVC

CWE-79