CVE-2024-34000 moodle: stored XSS in lesson overview report via user ID number

🗓️ 31 May 2024 20:01:11Reported by fedoraType

Stored XSS risk in lesson overview report

Reporter	Title	Published	Views	Family All 32
Circl	CVE-2024-34000	17 Apr 202416:13	–	circl
CNNVD	Moodle Security Breach	31 May 202400:00	–	cnnvd
CVE	CVE-2024-34000	31 May 202420:01	–	cve
Github Security Blog	Moodle Cross-site Scripting (XSS)	31 May 202421:30	–	github
NVD	CVE-2024-34000	31 May 202420:15	–	nvd
OpenVAS	Moodle < 4.1.10, 4.2.x < 4.2.7, 4.3.x < 4.3.4 Multiple Vulnerabilities	14 May 202400:00	–	openvas
OSV	BIT-MOODLE-2024-34000 moodle: stored XSS in lesson overview report via user ID number	31 May 202505:57	–	osv
OSV	GHSA-8QWH-4VWV-7C5M Moodle Cross-site Scripting (XSS)	31 May 202421:30	–	osv
OSV	UBUNTU-CVE-2024-34000	31 May 202420:15	–	osv
Positive Technologies	PT-2023-30245 · Moodle +1 · Moodle +1	29 Oct 202300:00	–	ptsecurity

[
  {
    "collectionURL": "https://git.moodle.org",
    "packageName": "Moodle",
    "versions": [
      {
        "status": "affected",
        "version": "4.0",
        "lessThanOrEqual": "4.3.3",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "4.2",
        "lessThanOrEqual": "4.2.6",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "4.1",
        "lessThanOrEqual": "4.1.9",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unknown"
  }
]

Source	Link
moodle	www.moodle.org/mod/forum/discuss.php

31 May 2024 20:01Current

5.4Medium risk

Vulners AI Score5.4

EPSS0.00494

CWE-79