PT-2024-22490 · Moodle · Moodle

Published: 2024-03-22 · Updated: 2025-05-02 · CVE-2024-28593

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Moodle version 4.3.3
Description: The Chat activity in Moodle allows students to insert potentially unwanted HTML elements, such as A or IMG elements, or HTML content that can lead to performance degradation. The vendor's documentation notes that users can use HTML code in their text, including inserting images, playing sounds, or creating differently colored and sized text. The documentation also mentions that the Chat activity is due to be removed from standard Moodle.
Recommendations: For Moodle version 4.3.3, consider disabling the Chat activity until a patch is available, to prevent potential performance degradation and unauthorized HTML element insertion. Restrict access to the Chat module to minimize the risk of exploitation. Avoid using HTML code in the Chat activity until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Code Injection · XSS

Weakness Enumeration

Related Identifiers

BIT-MOODLE-2024-28593
CVE-2024-28593
GHSA-F6MH-79VH-2HV7

Affected Products

Moodle