CVE-2024-34000 - OpenCVE

ID numbers displayed in the lesson overview report required additional sanitizing to prevent a stored XSS risk.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

References

Link	Providers
https://moodle.org/mod/forum/discuss.php?d=458388

History

No history.

MITRE

Status: PUBLISHED

Assigner: fedora

Published: 2024-05-31T20:01:11.769Z

Updated: 2024-08-02T02:42:59.810Z

Reserved: 2024-04-29T13:02:30.266Z

Link: CVE-2024-34000

Vulnrichment

Updated: 2024-08-02T02:42:59.810Z

NVD

Status : Awaiting Analysis

Published: 2024-05-31T20:15:10.080

Modified: 2024-06-03T14:46:24.250

Link: CVE-2024-34000

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-34000", "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "state": "PUBLISHED", "assignerShortName": "fedora", "dateReserved": "2024-04-29T13:02:30.266Z", "datePublished": "2024-05-31T20:01:11.769Z", "dateUpdated": "2024-08-02T02:42:59.810Z"}, "containers": {"cna": {"title": "moodle: stored XSS in lesson overview report via user ID number", "datePublic": "2024-05-20T09:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", "type": "CWE"}]}], "affected": [{"collectionURL": "https://git.moodle.org", "packageName": "Moodle", "versions": [{"status": "affected", "version": "4.0", "lessThanOrEqual": "4.3.3", "versionType": "semver"}, {"status": "affected", "version": "4.2", "lessThanOrEqual": "4.2.6", "versionType": "semver"}, {"status": "affected", "version": "4.1", "lessThanOrEqual": "4.1.9", "versionType": "semver"}], "defaultStatus": "unknown"}], "descriptions": [{"lang": "en", "value": "ID numbers displayed in the lesson overview report required additional sanitizing to prevent a stored XSS risk.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<pre>ID numbers displayed in the lesson overview report required additional sanitizing to prevent a stored XSS risk.</pre><br>"}]}], "references": [{"url": "https://moodle.org/mod/forum/discuss.php?d=458388"}], "credits": [{"lang": "en", "value": "Paul Holden", "type": "finder"}], "providerMetadata": {"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "shortName": "fedora", "dateUpdated": "2024-05-31T20:01:11.769Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-34000", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-07T16:24:48.794820Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T17:22:49.467Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:42:59.810Z"}, "title": "CVE Program Container", "references": [{"url": "https://moodle.org/mod/forum/discuss.php?d=458388", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://moodle.org/mod/forum/discuss.php?d=458388", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:42:59.810Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-34000", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-07T16:24:48.794820Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T15:20:44.052Z"}}], "cna": {"title": "moodle: stored XSS in lesson overview report via user ID number", "credits": [{"lang": "en", "type": "finder", "value": "Paul Holden"}], "affected": [{"versions": [{"status": "affected", "version": "4.0", "versionType": "semver", "lessThanOrEqual": "4.3.3"}, {"status": "affected", "version": "4.2", "versionType": "semver", "lessThanOrEqual": "4.2.6"}, {"status": "affected", "version": "4.1", "versionType": "semver", "lessThanOrEqual": "4.1.9"}], "packageName": "Moodle", "collectionURL": "https://git.moodle.org", "defaultStatus": "unknown"}], "datePublic": "2024-05-20T09:00:00.000Z", "references": [{"url": "https://moodle.org/mod/forum/discuss.php?d=458388"}], "descriptions": [{"lang": "en", "value": "ID numbers displayed in the lesson overview report required additional sanitizing to prevent a stored XSS risk.", "supportingMedia": [{"type": "text/html", "value": "<pre>ID numbers displayed in the lesson overview report required additional sanitizing to prevent a stored XSS risk.</pre><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "shortName": "fedora", "dateUpdated": "2024-05-31T20:01:11.769Z"}}}, "cveMetadata": {"cveId": "CVE-2024-34000", "state": "PUBLISHED", "dateUpdated": "2024-08-02T02:42:59.810Z", "dateReserved": "2024-04-29T13:02:30.266Z", "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "datePublished": "2024-05-31T20:01:11.769Z", "assignerShortName": "fedora"}, "dataVersion": "5.1"}

Metrics

Affected Vendors & Products

Metrics

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object