Lucene search
GitHub Advisory DatabaseGHSA-P5CG-6RFR-6MX8HistoryJun 18, 2024 - 9:30 p.m.
Moodle stored XSS via calendar's event title when deleting the event
2024-06-1821:30:36
CWE-79
GitHub Advisory Database
github.com
5
moodle
calendar
stored xss
Insufficient escaping of calendar event titles resulted in a stored XSS risk in the event deletion prompt.
Affected configurations
Node
moodlemoodleRange<4.1.11
ORmoodlemoodleRange<4.2.8
ORmoodlemoodleRange<4.3.5
ORmoodlemoodleRange<4.4.1
| CPE | Name | Operator | Version |
|---|---|---|---|
| moodle/moodle | lt | 4.1.11 | |
| moodle/moodle | lt | 4.2.8 | |
| moodle/moodle | lt | 4.3.5 | |
| moodle/moodle | lt | 4.4.1 |
References
github.com/advisories/GHSA-p5cg-6rfr-6mx8
lists.fedoraproject.org/archives/list/[email protected]/message/F7AZYR7EXV6E5SQE2GYTNQE3NOENJCQ6
lists.fedoraproject.org/archives/list/[email protected]/message/GHTIX55J4Q4LEOMLNEA4OZSWVEENQX7E
moodle.org/mod/forum/discuss.php?d=459499
nvd.nist.gov/vuln/detail/CVE-2024-38274
Related
cvelist
cvelist
osv
osv
Moodle stored XSS via calendar's event title when deleting the event
2024-06-18 21:30:36
cve
cve
CVE-2024-38274
2024-06-18 20:15:13
ubuntucve
ubuntucve
CVE-2024-38274
2024-06-18 00:00:00
veracode
veracode
Cross-site Scripting (XSS)
2024-06-19 10:22:46
nvd
nvd
CVE-2024-38274
2024-06-18 20:15:13
openvas
openvas
Fedora: Security Advisory for moodle (FEDORA-2024-9df8ef935b)
2024-06-27 00:00:00
Fedora: Security Advisory for moodle (FEDORA-2024-020937763e)
2024-06-27 00:00:00
nessus
nessus
Fedora 40 : moodle (2024-020937763e)
2024-06-27 00:00:00
Fedora 39 : moodle (2024-9df8ef935b)
2024-06-27 00:00:00
fedora
fedora
[SECURITY] Fedora 40 Update: moodle-4.3.5-1.fc40
2024-06-27 02:04:09
[SECURITY] Fedora 39 Update: moodle-4.3.5-1.fc39
2024-06-27 01:43:43