Description

Cross Site Scripting vulnerability in Moodle CMS v3.10 allows a remote attacker to execute arbitrary code via the Field Name (name parameter) of a new activity.

Remediation

References

CVE-2024-37674

Related Vulnerabilities

Oracle JRE CVE-2013-0433 Vulnerability (CVE-2013-0433)

Atlassian Confluence Unauthenticated Remote Code Execution Vulnerability (CVE-2022-26134)

Oracle Database Server CVE-2019-2940 Vulnerability (CVE-2019-2940)

Atlassian Jira Incorrect Behavior Order: Validate Before Canonicalize Vulnerability (CVE-2022-26137)

MediaWiki Uncontrolled Resource Consumption Vulnerability (CVE-2024-34506)

Severity

Medium

Classification

CVE-2024-37674 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

Tags

Missing Update Known Vulnerabilities