CVE-2024-37674

2024-06-2000:00:00

mitre

github.com

cross site scripting

moodle cms

remote attacker

arbitrary code

field name

AI Score

7.3

Confidence

High

EPSS

Percentile

9.0%

SSVC

Exploitation

poc

Automatable

Technical Impact

partial

JSON

Cross Site Scripting vulnerability in Moodle CMS v3.10 allows a remote attacker to execute arbitrary code via the Field Name (name parameter) of a new activity.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:moodle:moodle:3.10:*:*:*:*:*:*:*"
    ],
    "vendor": "moodle",
    "product": "moodle",
    "versions": [
      {
        "status": "affected",
        "version": "3.10"
      }
    ],
    "defaultStatus": "unknown"
  }
]