Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-28593

The Chat activity in Moodle 4.3.3 allows students to insert a potentially unwanted HTML A element or IMG element, or HTML content that leads to a performance degradation. NOTE: the vendor's Using_Chat page says "If you know some HTML code, you can use it in your text to do things like insert images, play sounds or create different coloured and sized text." This page also says "Chat is due to be removed from standard Moodle."

Published

2024-03-22T15:15:15.453

Last Modified

2025-05-01T15:05:31.417

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 5.4 (MEDIUM)

Weaknesses

Type: Secondary
CWE-94

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	moodle	moodle	4.3.3	Yes

References

https://docs.moodle.org/403/en/Using_Chat Product ([email protected])
https://gist.githubusercontent.com/minendie/4f23174687bc4d8eb7f727d9959b5399/raw/9ce573cebcce5521d9d6f826ab68f3780036b874/CVE-2024-28593.txt Third Party Advisory ([email protected])
https://medium.com/%40lamscun/how-do-i-change-htmli-from-low-to-critical-your-email-box-is-safe-e7171efd88fe Not Applicable ([email protected])
https://docs.moodle.org/403/en/Using_Chat Product (af854a3a-2127-422b-91ae-364da2661108)
https://gist.githubusercontent.com/minendie/4f23174687bc4d8eb7f727d9959b5399/raw/9ce573cebcce5521d9d6f826ab68f3780036b874/CVE-2024-28593.txt Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://medium.com/%40lamscun/how-do-i-change-htmli-from-low-to-critical-your-email-box-is-safe-e7171efd88fe Not Applicable (af854a3a-2127-422b-91ae-364da2661108)