CVE-2024-43437

A flaw was found in moodle. Insufficient sanitizing of data when performing a restore could result in a cross-site scripting (XSS) risk from malicious backup files.

CVSS v3 5.4 MEDIUM

5.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=2304266	Permissions Required
https://moodle.org/mod/forum/discuss.php?d=461207	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle::::::::

History

23 Apr 2025, 21:28

Type	Values Removed	Values Added
CPE		cpe:2.3:a:moodle:moodle::::::::
First Time		Moodle moodle Moodle
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2304266 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2304266 - Permissions Required
References	~~() https://moodle.org/mod/forum/discuss.php?d=461207 -~~	() https://moodle.org/mod/forum/discuss.php?d=461207 - Vendor Advisory

13 Mar 2025, 14:15

Type	Values Removed	Values Added
CWE		CWE-79

12 Nov 2024, 13:55

Type	Values Removed	Values Added
Summary		(es) Se encontró una falla en Moodle. Una desinfección insuficiente de los datos al realizar una restauración podría generar un riesgo de Cross Site Scripting (XSS) a partir de archivos de respaldo maliciosos.

11 Nov 2024, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-11-11 13:15

Updated : 2025-04-23 21:28

NVD link : CVE-2024-43437

Mitre link : CVE-2024-43437

CVE.ORG link : CVE-2024-43437

JSON object : View

Products Affected

moodle

moodle

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2024-43437", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "patrick@puiterwijk.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2024-11-11T13:15:04.757", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2304266", "tags": ["Permissions Required"], "source": "patrick@puiterwijk.org"}, {"url": "https://moodle.org/mod/forum/discuss.php?d=461207", "tags": ["Vendor Advisory"], "source": "patrick@puiterwijk.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in moodle. Insufficient sanitizing of data when performing a restore could result in a cross-site scripting (XSS) risk from malicious backup files."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en Moodle. Una desinfecci\u00f3n insuficiente de los datos al realizar una restauraci\u00f3n podr\u00eda generar un riesgo de Cross Site Scripting (XSS) a partir de archivos de respaldo maliciosos."}], "lastModified": "2025-04-23T21:28:23.360", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E5532931-0BD7-4522-9641-F0455BB030D8", "versionEndExcluding": "4.1.12"}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8D123FB-556C-4602-91CB-ABE6541079F3", "versionEndExcluding": "4.2.9", "versionStartIncluding": "4.2.0"}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FBA8C381-9493-42BD-A5EA-7AADFAB68C5E", "versionEndExcluding": "4.3.6", "versionStartIncluding": "4.3.0"}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "277E1058-2F00-45DB-8BFC-2628CCC89981", "versionEndExcluding": "4.4.2", "versionStartIncluding": "4.4.0"}], "operator": "OR"}]}], "sourceIdentifier": "patrick@puiterwijk.org"}