Lucene search

GitHub Advisory DatabaseGHSA-8QWH-4VWV-7C5M

HistoryMay 31, 2024 - 9:30 p.m.

Moodle Cross-site Scripting (XSS)

2024-05-3121:30:53

CWE-79

GitHub Advisory Database

github.com

moodle

xss

cross-site scripting

sanitizing

report

stored xss

risk

5.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

ID numbers displayed in the lesson overview report required additional sanitizing to prevent a stored XSS risk.

Affected configurations

Vulners

Node

moodlemoodleRange<4.1.10

moodlemoodleRange<4.2.7

moodlemoodleRange<4.3.4

CPENameOperatorVersion
moodle/moodlelt4.1.10
moodle/moodlelt4.2.7
moodle/moodlelt4.3.4

Name	Operator	Version
moodle/moodle	lt	4.1.10
moodle/moodle	lt	4.2.7
moodle/moodle	lt	4.3.4

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-81062

github.com/advisories/GHSA-8qwh-4vwv-7c5m

moodle.org/mod/forum/discuss.php?d=458388

nvd.nist.gov/vuln/detail/CVE-2024-34000