CVE-2024-34006
MEDIUMDescription
The site log report required additional encoding of event descriptions to ensure any HTML in the content is displayed in plaintext instead of being rendered.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| moodle | moodle |
| moodle | moodle |
| moodle | moodle |
References
Frequently Asked Questions
What is CVE-2024-34006? +
How severe is CVE-2024-34006? +
What products are affected by CVE-2024-34006? +
How do I check if I'm vulnerable to CVE-2024-34006? +
Related Vulnerabilities
FOSSBilling is a free, open-source billing and client management system. Versions 0.6.0 through 0.7.2 have a stored cross-site scripting (XSS) …
Inappropriate implementation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage …
Copying sensitive information from Private Browsing tabs on Android, such as passwords, may have inadvertently stored data in the cloud-based …
Proofpoint Enterprise Protection contains a vulnerability in the email delivery agent that allows an unauthenticated attacker to inject improperly encoded …
The referrer URL used by MFA required additional sanitizing, rather than being used directly.
The logout option within MFA did not include the necessary token to avoid the risk of users inadvertently being logged …