Insufficient escaping of calendar event titles resulted in a stored XSS risk in the event deletion prompt.
CPE | Name | Operator | Version |
---|---|---|---|
moodle/moodle | lt | 4.1.11 | |
moodle/moodle | lt | 4.2.8 | |
moodle/moodle | lt | 4.3.5 | |
moodle/moodle | lt | 4.4.1 |
github.com/advisories/GHSA-p5cg-6rfr-6mx8
lists.fedoraproject.org/archives/list/[email protected]/message/F7AZYR7EXV6E5SQE2GYTNQE3NOENJCQ6
lists.fedoraproject.org/archives/list/[email protected]/message/GHTIX55J4Q4LEOMLNEA4OZSWVEENQX7E
moodle.org/mod/forum/discuss.php?d=459499
nvd.nist.gov/vuln/detail/CVE-2024-38274