PT-2024-28435 · Totara Learning Solutions · Totara Lms

Published: 2024-04-18 · Updated: 2025-06-10 · CVE-2024-3931

CVSS v3.1: 5.4 Medium

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Totara LMS version 18.0.1 Build 20231128.01

Description

A vulnerability was found in the file admin/roles/check.php of the component Profile Handler. Manipulation of the argument ID Number leads to cross-site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Recommendations

For Totara LMS version 18.0.1 Build 20231128.01, consider disabling the admin/roles/check.php file or restricting access to it until a patch is available. As a temporary workaround, avoid using the ID Number argument in the affected component Profile Handler. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2024-3931

Affected Products

Totara Lms