CVE-2024-37674: n/a
CVE-2024-37674 is a Cross Site Scripting (XSS) vulnerability found in Moodle CMS version 3. 10. It allows a remote attacker with limited privileges to execute arbitrary code by exploiting the 'name' parameter of a new activity's Field Name. The vulnerability requires user interaction and some level of authentication, with a medium severity CVSS score of 5. 5. While no known exploits are currently in the wild, successful exploitation could lead to partial compromise of confidentiality, integrity, and availability within affected Moodle instances. Organizations using Moodle 3. 10 should prioritize patching or applying mitigations to prevent potential abuse. The threat primarily affects educational institutions and organizations globally that rely on Moodle for learning management. Given Moodle's widespread use, countries with large educational sectors and significant Moodle deployments are at higher risk.
AI Analysis
Technical Summary
CVE-2024-37674 is a Cross Site Scripting (XSS) vulnerability identified in Moodle CMS version 3.10, a widely used open-source learning management system. The vulnerability arises from insufficient sanitization of the 'name' parameter when creating a new activity within the platform. An attacker with at least limited privileges can inject malicious scripts via this parameter, which are then executed in the context of users who view the affected activity. This XSS flaw is classified under CWE-79 and can lead to arbitrary code execution in the victim's browser, potentially enabling session hijacking, credential theft, or further exploitation within the Moodle environment. The CVSS 3.1 base score is 5.5, reflecting a medium severity level due to the requirement of some privileges (PR:L) and user interaction (UI:R). The attack vector is network-based (AV:N), and the scope remains unchanged (S:U). Although no public exploits have been reported yet, the vulnerability poses a tangible risk given Moodle's extensive deployment in educational institutions worldwide. The lack of available patches at the time of publication necessitates immediate attention to mitigate potential exploitation.
Potential Impact
The impact of CVE-2024-37674 on organizations using Moodle 3.10 can be significant, particularly in educational and training environments where sensitive student and staff data is stored. Exploitation could allow attackers to execute arbitrary scripts in users' browsers, leading to session hijacking, unauthorized access to user accounts, and potential data leakage. This compromises confidentiality and integrity of user data and can disrupt availability if attackers inject malicious payloads that affect system functionality. The requirement for limited privileges and user interaction reduces the ease of exploitation but does not eliminate risk, especially in environments with many users and frequent activity creation. Institutions relying heavily on Moodle for critical learning operations may face reputational damage, compliance issues, and operational disruptions if this vulnerability is exploited.
Mitigation Recommendations
To mitigate CVE-2024-37674, organizations should first monitor Moodle's official channels for patches addressing this vulnerability and apply them promptly once available. In the interim, administrators should restrict the ability to create or modify activities to trusted users only, minimizing the attack surface. Implementing Content Security Policy (CSP) headers can help reduce the impact of XSS by restricting script execution sources. Regularly auditing and sanitizing user inputs in custom plugins or themes is advisable to prevent similar issues. Additionally, educating users about the risks of interacting with untrusted content within Moodle can reduce successful exploitation. Network-level protections such as Web Application Firewalls (WAF) configured to detect and block XSS payloads targeting the 'name' parameter may provide temporary defense. Finally, maintaining up-to-date backups and incident response plans will aid in recovery if exploitation occurs.
Affected Countries
United States, United Kingdom, Canada, Australia, Germany, France, India, Brazil, South Africa, New Zealand
CVE-2024-37674: n/a
Description
CVE-2024-37674 is a Cross Site Scripting (XSS) vulnerability found in Moodle CMS version 3. 10. It allows a remote attacker with limited privileges to execute arbitrary code by exploiting the 'name' parameter of a new activity's Field Name. The vulnerability requires user interaction and some level of authentication, with a medium severity CVSS score of 5. 5. While no known exploits are currently in the wild, successful exploitation could lead to partial compromise of confidentiality, integrity, and availability within affected Moodle instances. Organizations using Moodle 3. 10 should prioritize patching or applying mitigations to prevent potential abuse. The threat primarily affects educational institutions and organizations globally that rely on Moodle for learning management. Given Moodle's widespread use, countries with large educational sectors and significant Moodle deployments are at higher risk.
AI-Powered Analysis
Technical Analysis
CVE-2024-37674 is a Cross Site Scripting (XSS) vulnerability identified in Moodle CMS version 3.10, a widely used open-source learning management system. The vulnerability arises from insufficient sanitization of the 'name' parameter when creating a new activity within the platform. An attacker with at least limited privileges can inject malicious scripts via this parameter, which are then executed in the context of users who view the affected activity. This XSS flaw is classified under CWE-79 and can lead to arbitrary code execution in the victim's browser, potentially enabling session hijacking, credential theft, or further exploitation within the Moodle environment. The CVSS 3.1 base score is 5.5, reflecting a medium severity level due to the requirement of some privileges (PR:L) and user interaction (UI:R). The attack vector is network-based (AV:N), and the scope remains unchanged (S:U). Although no public exploits have been reported yet, the vulnerability poses a tangible risk given Moodle's extensive deployment in educational institutions worldwide. The lack of available patches at the time of publication necessitates immediate attention to mitigate potential exploitation.
Potential Impact
The impact of CVE-2024-37674 on organizations using Moodle 3.10 can be significant, particularly in educational and training environments where sensitive student and staff data is stored. Exploitation could allow attackers to execute arbitrary scripts in users' browsers, leading to session hijacking, unauthorized access to user accounts, and potential data leakage. This compromises confidentiality and integrity of user data and can disrupt availability if attackers inject malicious payloads that affect system functionality. The requirement for limited privileges and user interaction reduces the ease of exploitation but does not eliminate risk, especially in environments with many users and frequent activity creation. Institutions relying heavily on Moodle for critical learning operations may face reputational damage, compliance issues, and operational disruptions if this vulnerability is exploited.
Mitigation Recommendations
To mitigate CVE-2024-37674, organizations should first monitor Moodle's official channels for patches addressing this vulnerability and apply them promptly once available. In the interim, administrators should restrict the ability to create or modify activities to trusted users only, minimizing the attack surface. Implementing Content Security Policy (CSP) headers can help reduce the impact of XSS by restricting script execution sources. Regularly auditing and sanitizing user inputs in custom plugins or themes is advisable to prevent similar issues. Additionally, educating users about the risks of interacting with untrusted content within Moodle can reduce successful exploitation. Network-level protections such as Web Application Firewalls (WAF) configured to detect and block XSS payloads targeting the 'name' parameter may provide temporary defense. Finally, maintaining up-to-date backups and incident response plans will aid in recovery if exploitation occurs.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- mitre
- Date Reserved
- 2024-06-10T00:00:00.000Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 699f6c6db7ef31ef0b563e24
Added to database: 2/25/2026, 9:41:01 PM
Last enriched: 2/26/2026, 5:19:02 AM
Last updated: 2/26/2026, 9:35:52 AM
Views: 1
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
CVE-2026-28138: Deserialization of Untrusted Data in Stylemix uListing
HighCVE-2026-28136: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in VeronaLabs WP SMS
HighCVE-2026-28132: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in villatheme WooCommerce Photo Reviews
HighCVE-2026-28131: Insertion of Sensitive Information Into Sent Data in WPVibes Elementor Addon Elements
HighCVE-2026-28083: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in UX-themes Flatsome
HighActions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.