In Moodle version 3.10.9 a medium severity vulnerability CVE-2024-29374 was detected. Due to this bug, certain website links could be used by attackers to run harmful scripts in your browser, potentially causing harm. Currently, there is no fix version for this issue. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-29374/.
Read more EducationalIn Moodle version 4.3.3 a medium severity vulnerability CVE-2024-28593 was detected. The Chat activity allows students to insert a potentially unwanted HTML A element, IMG element, or HTML content that leads to performance degradation. The vendor’s Using_Chat page says “If you know some HTML code, you can use it in your text to do things like insert images, play sounds, or create different colored and sized text.” To fix this issue, users should upgrade Moodle to versions 4.3.4 or later. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-28593/.
Read more Educational