← All advisories

Moderate severityNVD Advisory· Published Mar 21, 2024· Updated Aug 15, 2024

CVE-2024-29374

CVE-2024-29374

Description

A Cross-Site Scripting (XSS) vulnerability exists in the way MOODLE 3.10.9 handles user input within the "GET /?lang=" URL parameter.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
moodle/moodlePackagist	<= 3.10.9	—

Affected products

3

Moodle/Moodlecpe-rescue
osv-coords2 versions
pkg:bitnami/moodle pkg:composer/moodle/moodle
>= 3.10.9, < 4.1.10+ 1 more
- (no CPE)range: >= 3.10.9, < 4.1.10
- (no CPE)range: <= 3.10.9

Patches

Vulnerability mechanics

References

3

github.com/advisories/GHSA-3qw5-v9cc-v262ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2024-29374ghsaADVISORY
gist.github.com/fir3storm/f9c7f3ec1a6496498517ed216d2640b2ghsaWEB

News mentions

0

No linked articles in our index yet.