CVE-2024-38274
Description
Insufficient escaping of calendar event titles resulted in a stored XSS risk in the event deletion prompt.
CWE
- CWE-79 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Affected
- Moodle / Moodle — v=4.4 [affected]; v=4.3 ≤4.3.4 [affected]; v=4.2 ≤4.2.7 [affected]; v=4.1 ≤4.1.10 [affected]
CVSS
- (none)
References
- https://moodle.org/mod/forum/discuss.php?d=459499
- https://lists.fedoraproject.org/archives/list/[email protected]/message/GHTIX55J4Q4LEOMLNEA4OZSWVEENQX7E/
- https://lists.fedoraproject.org/archives/list/[email protected]/message/F7AZYR7EXV6E5SQE2GYTNQE3NOENJCQ6/
Source
cvelistV5-main/cves/2024/38xxx/CVE-2024-38274.json