vulnerability

Moodle: Inappropriate Encoding for Output Context (CVE-2024-34006)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:N/C:N/I:P/A:N)	May 31, 2024	Jun 3, 2025	Aug 1, 2025

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published

May 31, 2024

Added

Jun 3, 2025

Modified

Aug 1, 2025

Description

The site log report required additional encoding of event descriptions to ensure any HTML in the content is displayed in plaintext instead of being rendered.

Solutions

moodle-upgrade-4_1_10moodle-upgrade-4_2_7moodle-upgrade-4_3_4

References

CVE-2024-34006
https://attackerkb.com/topics/CVE-2024-34006
URL-https://moodle.org/mod/forum/discuss.php?d=458395

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today