CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
CVE-2024-38274: moodle: stored XSS via calendar's event title when deleting the event
Description
Insufficient escaping of calendar event titles resulted in a stored XSS risk in the event deletion prompt.
Classification
CVE ID: CVE-2024-38274
Affected Products
Vendor: Moodle
Product: Moodle
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.05% (probability of being exploited)
EPSS Percentile: 18.39% (scored less or equal to compared to others)
EPSS Date: 2025-03-14 (when was this score calculated)
References
https://moodle.org/mod/forum/discuss.php?d=459499https://lists.fedoraproject.org/archives/list/[email protected]/message/GHTIX55J4Q4LEOMLNEA4OZSWVEENQX7E/
https://lists.fedoraproject.org/archives/list/[email protected]/message/F7AZYR7EXV6E5SQE2GYTNQE3NOENJCQ6/