Description
A flaw was found in moodle. H5P error messages require additional sanitizing to prevent a reflected cross-site scripting (XSS) risk.
Published: 2024-11-11
Score: 5.4 Medium
EPSS: 1.3% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2024-40278 Moodle reflected XSS via H5P error message
Github GHSA Github GHSA GHSA-hjgc-jxjc-8v9j Moodle reflected XSS via H5P error message
History

Wed, 23 Apr 2025 21:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*

Tue, 12 Nov 2024 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Moodle
Moodle moodle
Weaknesses CWE-79
CPEs cpe:2.3:a:moodle:moodle:-:*:*:*:*:*:*:*
Vendors & Products Moodle
Moodle moodle
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 11 Nov 2024 16:15:00 +0000

Type Values Removed Values Added
Description A flaw was found in moodle. H5P error messages require additional sanitizing to prevent a reflected cross-site scripting (XSS) risk.
Title Moodle: reflected xss via h5p error message
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N'}

Subscriptions

Moodle Moodle
cve-icon MITRE

Status: PUBLISHED

Assigner: fedora

Published:

Updated: 2024-11-12T14:55:08.278Z

Reserved: 2024-08-13T07:15:00.599Z

Link: CVE-2024-43439

cve-icon Vulnrichment

Updated: 2024-11-12T14:54:57.401Z

cve-icon NVD

Status : Analyzed

Published: 2024-11-11T16:15:14.770

Modified: 2025-04-23T21:26:17.000

Link: CVE-2024-43439

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses