CVE-2024-28593
MEDIUM 5.4
Description
The Chat activity in Moodle 4.3.3 allows students to insert a potentially unwanted HTML A element or IMG element, or HTML content that leads to a performance degradation. NOTE: the vendor's Using_Chat page says "If you know some HTML code, you can use it in your text to do things like insert images, play sounds or create different coloured and sized text." This page also says "Chat is due to be removed from standard Moodle."
CVE Details
CVSS v3.1 score: 5.4
Severity: MEDIUM
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: REQUIRED
Published: 3/22/2024
Last modified: 5/1/2025
Source: nvd
Honeypot sightings: 0
Affected products
moodle:moodle
Weaknesses (CWE)
CWE-94
References
https://docs.moodle.org/403/en/Using_Chat (cve@mitre.org)
https://medium.com/%40lamscun/how-do-i-change-htmli-from-low-to-critical-your-email-box-is-safe-e7171efd88fe (cve@mitre.org)
https://docs.moodle.org/403/en/Using_Chat (af854a3a-2127-422b-91ae-364da2661108)
https://gist.githubusercontent.com/minendie/4f23174687bc4d8eb7f727d9959b5399/raw/9ce573cebcce5521d9d6f826ab68f3780036b874/CVE-2024-28593.txt (af854a3a-2127-422b-91ae-364da2661108)
https://medium.com/%40lamscun/how-do-i-change-htmli-from-low-to-critical-your-email-box-is-safe-e7171efd88fe (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.