CVE-2024-38274

Severity

6.1MEDIUM

EPSS

1.0%

top 23.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedJun 18

Description

Insufficient escaping of calendar event titles resulted in a stored XSS risk in the event deletion prompt.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

▶NVDmoodle/moodle4.1.0 — 4.1.11+3

▶Packagistmoodle/moodle4.4.0-beta — 4.4.1+3

▶CVEListV5moodle/moodle4.3 — 4.3.4+3

Also affects: Fedora 39, 40

OSV

CVE-2024-38274: Insufficient escaping of calendar event titles resulted in a stored XSS risk in the event deletion prompt↗2024-06-18

▶

CVEList

moodle: stored XSS via calendar's event title when deleting the event↗2024-06-18

▶

OSV

Moodle stored XSS via calendar's event title when deleting the event↗2024-06-18

▶

GHSA

Moodle stored XSS via calendar's event title when deleting the event↗2024-06-18

▶