CVE-2024-38274
Published: 18 June 2024
Insufficient escaping of calendar event titles resulted in a stored XSS risk in the event deletion prompt.
Priority
Status
Package | Release | Status |
---|---|---|
moodle
Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
noble |
Does not exist
|
|
upstream |
Released
(4.4.1, 4.3.5, 4.2.8, 4.1.11)
|
|
xenial |
Needs triage
|
|
Patches:
upstream: https://git.moodle.org/gw?p=moodle.git;a=commit;h=cd2d23d35693b039aad3e20b978ffb694f30b994 |