What the vulnerability does
01Description
Insufficient escaping of calendar event titles resulted in a stored XSS risk in the event deletion prompt.
CVE-2024-38274
CVE-2024-38274: moodle: stored XSS via calendar's event title when deleting the event
CVSS base score
—
Key dates
02Disclosure timeline
June 18, 2024
CVE published
February 13, 2025
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2025-48489 FreeScout Vulnerable to Stored XSS
CVE-2024-32597 WordPress WP Smart Import plugin <= 1.0.7 - Cross Site Scripting (XSS) vulnerability
CVE-2018-25056 yolapi metadata.py render_description cross site scripting
CVE-2024-8400 Stored XSS in gaizhenbiao/chuanhuchatgpt
CVE-2026-1401 Tune Library <= 1.6.3 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting via CSV Import
