Lucene search

GitHub Advisory DatabaseGHSA-XQHH-253W-4Q5F

HistoryMay 31, 2024 - 9:30 p.m.

Moodle Cross-site Scripting (XSS)

2024-05-3121:30:52

CWE-79

GitHub Advisory Database

github.com

moodle

cross-site scripting

xss

participants

table

stored

risk

software

5.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

Insufficient escaping of participants’ names in the participants page table resulted in a stored XSS risk when interacting with some features.

Affected configurations

Vulners

Node

moodlemoodleRange<4.1.10

moodlemoodleRange<4.2.7

moodlemoodleRange<4.3.4

CPENameOperatorVersion
moodle/moodlelt4.1.10
moodle/moodlelt4.2.7
moodle/moodlelt4.3.4

Name	Operator	Version
moodle/moodle	lt	4.1.10
moodle/moodle	lt	4.2.7
moodle/moodle	lt	4.3.4

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-81354

github.com/advisories/GHSA-xqhh-253w-4q5f

moodle.org/mod/forum/discuss.php?d=458386

nvd.nist.gov/vuln/detail/CVE-2024-33998