UBUNTU-CVE-2024-28593

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2024-28593

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-28593.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2024-28593

Upstream

CVE-2024-28593

Published

2024-03-22T15:15:00Z

Modified

2025-10-24T05:09:08Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

The Chat activity in Moodle 4.3.3 allows students to insert a potentially unwanted HTML A element or IMG element, or HTML content that leads to a performance degradation. NOTE: the vendor's Using_Chat page says "If you know some HTML code, you can use it in your text to do things like insert images, play sounds or create different coloured and sized text." This page also says "Chat is due to be removed from standard Moodle."

References

Affected packages

Ubuntu:16.04:LTS / moodle

Package

Name: moodle
Purl: pkg:deb/ubuntu/moodle@3.0.3+dfsg-0ubuntu1?arch=source&distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.7.9+dfsg-1

2.7.10+dfsg-1

2.7.11+dfsg-1

2.7.11+dfsg-2

2.7.12+dfsg-1

3.*

3.0.3+dfsg-0ubuntu1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "moodle",
            "binary_version": "3.0.3+dfsg-0ubuntu1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-28593.json"

Ubuntu:18.04:LTS / moodle