Cross-Site Scripting Vulnerability in Moodle H5P
CVE-2024-43439
6.1 MEDIUM
Summary
A vulnerability has been identified in Moodle's H5P component, where error messages are not properly sanitized. This oversight can lead to reflected cross-site scripting (XSS), potentially allowing attackers to execute malicious scripts in the context of users' sessions. If exploited, this vulnerability could compromise user data and allow an attacker to perform unauthorized actions. Proper sanitization of inputs and error messages is essential to mitigate such risks and ensure the security of the Moodle environment.
CVSS V3.1
Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published