CVE-2024-28593

MEDIUM Year: 2024
CVSS v3 Score
5.4
Medium
Weakness Type
CWE-94
View all →

Vulnerability Description

The Chat activity in Moodle 4.3.3 allows students to insert a potentially unwanted HTML A element or IMG element, or HTML content that leads to a performance degradation. NOTE: the vendor's Using_Chat page says "If you know some HTML code, you can use it in your text to do things like insert images, play sounds or create different coloured and sized text." This page also says "Chat is due to be removed from standard Moodle."

Related Vulnerabilities

CVE-2017-1242

MEDIUM
CVSS:5.4(Medium)

IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web bro...

CWE-942017

CVE-2017-1329

MEDIUM
CVSS:5.4(Medium)

IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web bro...

CWE-942017

CVE-2017-1753

MEDIUM
CVSS:5.4(Medium)

Multiple IBM Rational products are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the securit...

CWE-942017

CVE-2017-6782

MEDIUM
CVSS:5.4(Medium)

A vulnerability in the administrative web interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to modify a page in the web interface of the affected application. The v...

CWE-942017

CVE-2021-32809

MEDIUM
CVSS:5.4(Medium)

ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 [Clipboard](https://ckeditor.com/cke4/addon/clipboard) package. Th...

CWE-942021

CVE-2022-23008

MEDIUM
CVSS:5.4(Medium)

On NGINX Controller API Management versions 3.18.0-3.19.0, an authenticated attacker with access to the "user" or "admin" role can use undisclosed API endpoints on NGINX Controller API Management to i...

CWE-942022