Search for vulnerabilities
Vulnerability details: VCID-gjzr-epee-cfhj
Vulnerability ID VCID-gjzr-epee-cfhj
Aliases CVE-2024-43439
GHSA-hjgc-jxjc-8v9j
Summary Moodle reflected XSS via H5P error message A flaw was found in moodle. H5P error messages require additional sanitizing to prevent a reflected cross-site scripting (XSS) risk.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00082 https://api.first.org/data/v1/epss?cve=CVE-2024-43439
epss 0.00082 https://api.first.org/data/v1/epss?cve=CVE-2024-43439
cvssv3.1 5.4 https://bugzilla.redhat.com/show_bug.cgi?id=2304268
generic_textual MODERATE https://bugzilla.redhat.com/show_bug.cgi?id=2304268
ssvc Track https://bugzilla.redhat.com/show_bug.cgi?id=2304268
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-hjgc-jxjc-8v9j
cvssv3.1 5.4 https://github.com/moodle/moodle
generic_textual MODERATE https://github.com/moodle/moodle
cvssv3.1 5.4 https://github.com/moodle/moodle/commit/c7d9026715a107ee16b9f9b2134ed4e6f667af99
generic_textual MODERATE https://github.com/moodle/moodle/commit/c7d9026715a107ee16b9f9b2134ed4e6f667af99
cvssv3.1 5.4 https://moodle.org/mod/forum/discuss.php?d=461209
generic_textual MODERATE https://moodle.org/mod/forum/discuss.php?d=461209
ssvc Track https://moodle.org/mod/forum/discuss.php?d=461209
cvssv3.1 5.4 https://nvd.nist.gov/vuln/detail/CVE-2024-43439
cvssv3.1 6.1 https://nvd.nist.gov/vuln/detail/CVE-2024-43439
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2024-43439
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2024-43439
https://bugzilla.redhat.com/show_bug.cgi?id=2304268
https://github.com/moodle/moodle
https://github.com/moodle/moodle/commit/c7d9026715a107ee16b9f9b2134ed4e6f667af99
https://moodle.org/mod/forum/discuss.php?d=461209
https://nvd.nist.gov/vuln/detail/CVE-2024-43439
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
GHSA-hjgc-jxjc-8v9j https://github.com/advisories/GHSA-hjgc-jxjc-8v9j
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N Found at https://bugzilla.redhat.com/show_bug.cgi?id=2304268
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-12T14:50:51Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2304268
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N Found at https://github.com/moodle/moodle
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N Found at https://github.com/moodle/moodle/commit/c7d9026715a107ee16b9f9b2134ed4e6f667af99
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N Found at https://moodle.org/mod/forum/discuss.php?d=461209
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-12T14:50:51Z/ Found at https://moodle.org/mod/forum/discuss.php?d=461209
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-43439
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-43439
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.25047
EPSS Score 0.00082
Published At June 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-01T12:10:35.598436+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/11/GHSA-hjgc-jxjc-8v9j/GHSA-hjgc-jxjc-8v9j.json 36.1.3