Moderate severity · NVD Advisory · Published Mar 22, 2024 · Updated Nov 5, 2024
CVE-2024-28593
Description
The Chat activity in Moodle 4.3.3 allows students to insert a potentially unwanted HTML A element or IMG element, or HTML content that leads to a performance degradation. NOTE: the vendor's Using_Chat page says "If you know some HTML code, you can use it in your text to do things like insert images, play sounds or create different coloured and sized text." This page also says "Chat is due to be removed from standard Moodle."
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| moodle/moodle (Packagist) | <= 4.3.3 | — |
Affected products
- osv-coords (2 versions): >= 4.3.3, < 4.3.4 (+ 1 more)
- (no CPE) range: >= 4.3.3, < 4.3.4
- (no CPE) range: <= 4.3.3
References
- github.com/advisories/GHSA-f6mh-79vh-2hv7 (GHSA, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2024-28593 (GHSA, ADVISORY)
- docs.moodle.org/403/en/Using_Chat (GHSA, WEB)
- gist.githubusercontent.com/minendie/4f23174687bc4d8eb7f727d9959b5399/raw/9ce573cebcce5521d9d6f826ab68f3780036b874/CVE-2024-28593.txt (GHSA, WEB)
- medium.com/%40lamscun/how-do-i-change-htmli-from-low-to-critical-your-email-box-is-safe-e7171efd88fe (GHSA, WEB)