PT-2024-2476 · Moodle · Moodle

Fir3Storm · Published 2024-03-11 · Updated 2025-05-02 · CVE-2024-29374

CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Moodle version 3.10.9

Description: A Cross-Site Scripting (XSS) issue exists due to inadequate protection of the webpage structure when handling the lang parameter in the "/?lang=" URL. This could allow a remote attacker to read, modify, or delete data and carry out cross-site scripting attacks.

Recommendations: For Moodle version 3.10.9, consider disabling the lang parameter in the "/?lang=" URL until a patch is available. Restrict access to this parameter to minimize the risk of exploitation. Avoid using the lang parameter in the affected API endpoint until the issue is resolved.

XSS

Weakness Enumeration

Related Identifiers

BDU:2024-02454
BIT-MOODLE-2024-29374
CVE-2024-29374
GHSA-3QW5-V9CC-V262

Affected Products

Moodle