Lucene search
HistoryJun 20, 2024 - 6:15 p.m.
CVE-2024-37674
cross site scripting
moodle cms v3.10
remote attacker
arbitrary code
field name
new activity
CVSS3
5.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
EPSS
0
Percentile
9.0%
Cross Site Scripting vulnerability in Moodle CMS v3.10 allows a remote attacker to execute arbitrary code via the Field Name (name parameter) of a new activity.
Related
ubuntucve
ubuntucve
CVE-2024-37674
2024-06-20 00:00:00
vulnrichment
vulnrichment
CVE-2024-37674
2024-06-20 00:00:00
cve
cve
CVE-2024-37674
2024-06-20 18:15:12
veracode
veracode
Cross-site Scripting (XSS)
2024-06-24 04:47:37
osv
osv
CVE-2024-37674
2024-06-20 18:15:00
cvelist
cvelist
CVE-2024-37674
2024-06-20 00:00:00
openvas
openvas
Moodle <= 3.10 XSS Vulnerability
2024-07-11 00:00:00
CVSS3
5.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
EPSS
0
Percentile
9.0%
Related for NVD:CVE-2024-37674