CVE-2024-28593

Source
https://cve.org/CVERecord?id=CVE-2024-28593
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-28593.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-28593
Aliases
Downstream
Published
2024-03-22T00:00:00Z
Modified
2026-07-15T01:48:55.218182256Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

The Chat activity in Moodle 4.3.3 allows students to insert a potentially unwanted HTML A element or IMG element, or HTML content that leads to a performance degradation. NOTE: the vendor's Using_Chat page says "If you know some HTML code, you can use it in your text to do things like insert images, play sounds or create different coloured and sized text." This page also says "Chat is due to be removed from standard Moodle."

Database specific
{
    "isDisputed": true,
    "cna_assigner": "mitre",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/28xxx/CVE-2024-28593.json"
}
References

Affected packages

Git / github.com/moodle/moodle

Affected ranges

Type
GIT
Repo
https://github.com/moodle/moodle
Events
Database specific
{
    "cpe": "cpe:2.3:a:moodle:moodle:4.3.3:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "4.3.3"
        },
        {
            "last_affected": "4.3.3"
        }
    ],
    "source": "CPE_STRING"
}

Affected versions

4.*
4.3.3
v4.*
v4.3.3

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-28593.json"