CVE-2024-37674: Cross Site Scripting vulnerability in Moodle CMS v3.10 allows a remote attacker to execute arbitrary code v...
Cross Site Scripting vulnerability in Moodle CMS v3.10 allows a remote attacker to execute arbitrary code via the Field Name (name parameter) of a new activity.
Security readout for executives and security teams
Plain-English summary
This is a cross-site scripting issue reported in Moodle CMS v3.10. A logged-in remote attacker could place malicious content in the Field Name of a new activity, potentially affecting another user who views it. The record shows limited confidentiality, integrity, and availability impact, and does not identify active exploitation.
Executive priority
Treat as a moderate-priority web application issue. Prioritize externally reachable Moodle deployments, education portals with many contributors, and environments where low-privileged users can create activities. Escalate if vendor guidance confirms wider version exposure or exploitation emerges.
Technical view
CVE-2024-37674 is CWE-79 XSS in the new activity Field Name name parameter. The CVSS vector indicates network access, low attack complexity, low privileges required, and user interaction required, with unchanged scope and low C/I/A impact. Affected product metadata is incomplete, though the description names Moodle CMS v3.10.
Likely exposure
Exposure is most likely for organizations running Moodle CMS v3.10 with users allowed to create or configure activities. The CVE affected-product fields are listed as n/a, so confirm exposure against the CVE reference and Moodle/vendor guidance before assuming broader version impact.
Exploitation context
No CISA KEV listing is provided, and the source bundle does not cite active exploitation. The attack appears to require an authenticated user and a victim interaction, reducing urgency versus unauthenticated remote compromise but still relevant for shared learning environments.
Researcher notes
The public record is sparse: affected vendor/product fields are n/a, while the description names Moodle CMS v3.10. Avoid expanding scope beyond the cited record without vendor confirmation. Validate behavior in a controlled environment without publishing payloads or operational exploit details.
Mitigation direction
Identify Moodle instances and confirm whether version 3.10 is present.
Check Moodle or vendor guidance for fixed versions or official mitigation.
Restrict activity creation and editing to trusted roles where feasible.
Review existing activity Field Name values for suspicious or unexpected content.
Apply vendor-supported updates after normal staging validation.
Validation and detection
Inventory Moodle version and plugin configuration across exposed sites.
Review role permissions for creating or modifying activities.
Inspect rendered activity Field Name output for proper HTML encoding.
Search audit logs for unusual activity creation by low-privileged users.
Track vendor advisories and CVE updates for affected-version clarification.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cwe · medium confidence lookup
CWE-79: User-session and phishing behavior lookup
Client-side and session-facing weaknesses should be reviewed alongside initial-access and user-execution behaviors. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
The CVE wording references code or command execution, so execution technique review may help defensive triage. This is a Glexia inferred lookup path, not an official MITRE, ATT&CK, or CVE Program mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.