Lucene search

Ubuntu.comUB:CVE-2024-37674

HistoryJun 21, 2024 - 12:00 a.m.

CVE-2024-37674

2024-06-2100:00:00

ubuntu.com

cve-2024-37674

cross site scripting

moodle cms

remote attacker

arbitrary code

field name

new activity

unix

7.4 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Cross Site Scripting vulnerability in Moodle CMS v3.10 allows a remote
attacker to execute arbitrary code via the Field Name (name parameter) of a
new activity.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchmoodle< anyUNKNOWN
ubuntu16.04noarchmoodle< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	moodle	< any	UNKNOWN
ubuntu	16.04	noarch	moodle	< any	UNKNOWN

References

moodle.com

github.com/MohamedAzizMSALLEMI/Moodle_Security/blob/main/CVE-2024-37674.md

launchpad.net/bugs/cve/CVE-2024-37674

nvd.nist.gov/vuln/detail/CVE-2024-37674

security-tracker.debian.org/tracker/CVE-2024-37674

www.cve.org/CVERecord?id=CVE-2024-37674