PT-2024-3825 · Moodle+2 · Moodle+2

Aleksey Solovev

Published

2024-02-22

Updated

2025-05-31

CVE-2024-33998

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:L/Au:S/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions Moodle (affected versions not specified)

Description The issue is related to insufficient escaping of participants' names in the participants page table, resulting in a stored XSS risk when interacting with some features. This could allow a remote attacker to conduct a cross-site scripting (XSS) attack.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

ALT-PU-2024-8851

ALT-PU-2024-9067

BDU:2024-04201

BIT-MOODLE-2024-33998

CVE-2024-33998

GHSA-XQHH-253W-4Q5F

Affected Products

Alt Linux

Moodle

Red Os

PT-2024-3825 · Moodle+2 · Moodle+2

CVE-2024-33998

Weakness Enumeration

Related Identifiers

Affected Products

References · 19