Lucene search
Veracode Vulnerability DatabaseVERACODE:47645HistoryJun 19, 2024 - 10:22 a.m.
Cross-site Scripting (XSS)
2024-06-1910:22:46
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
2
moodle
software vulnerability
cross-site scripting
xss
calendar event titles
stored xss
event deletion prompt
moodle/moodle is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to insufficient escaping of calendar event titles, leading to a stored XSS risk in the event deletion prompt.
References
github.com/advisories/GHSA-p5cg-6rfr-6mx8
github.com/moodle/moodle/commit/3048a162cb62ed929e7001b33a2a2d28ff62eafb
github.com/moodle/moodle/commit/891e9994b45e4a2841539e556586dd066026a259
github.com/moodle/moodle/commit/df42e007ce83a05e7fdd7c94d700231cf1f66b97
lists.fedoraproject.org/archives/list/[email protected]/message/F7AZYR7EXV6E5SQE2GYTNQE3NOENJCQ6/
lists.fedoraproject.org/archives/list/[email protected]/message/GHTIX55J4Q4LEOMLNEA4OZSWVEENQX7E/
moodle.org/mod/forum/discuss.php?d=459499
Related
osv
osv
Moodle stored XSS via calendar's event title when deleting the event
2024-06-18 21:30:36
cvelist
cvelist
cve
cve
CVE-2024-38274
2024-06-18 20:15:13
ubuntucve
ubuntucve
CVE-2024-38274
2024-06-18 00:00:00
github
github
Moodle stored XSS via calendar's event title when deleting the event
2024-06-18 21:30:36
nvd
nvd
CVE-2024-38274
2024-06-18 20:15:13
fedora
fedora
[SECURITY] Fedora 40 Update: moodle-4.3.5-1.fc40
2024-06-27 02:04:09
[SECURITY] Fedora 39 Update: moodle-4.3.5-1.fc39
2024-06-27 01:43:43
nessus
nessus
Fedora 40 : moodle (2024-020937763e)
2024-06-27 00:00:00
Fedora 39 : moodle (2024-9df8ef935b)
2024-06-27 00:00:00
openvas
openvas
Fedora: Security Advisory for moodle (FEDORA-2024-020937763e)
2024-06-27 00:00:00
Fedora: Security Advisory for moodle (FEDORA-2024-9df8ef935b)
2024-06-27 00:00:00