BIT-moodle-2025-67849

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/moodle/BIT-moodle-2025-67849.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-moodle-2025-67849

Aliases

CVE-2025-67849

Published

2026-02-12T08:51:02.532Z

Modified

2026-02-12T09:26:17.117407Z

Summary

Moodle: moodle: cross-site scripting (xss) via improper sanitization of ai prompt responses

Details

A flaw was found in Moodle. This cross-site scripting (XSS) vulnerability, caused by improper sanitization of AI prompt responses, allows attackers to inject malicious HTML or script into web pages. When other users view these compromised pages, their sessions could be stolen, or the user interface could be manipulated.

Database specific

{
    "cpes": [
        "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*"
    ],
    "severity": "Medium"
}

References

Affected packages

Bitnami / moodle

Package

Name: moodle
Purl: pkg:bitnami/moodle

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

4.5.0

Fixed

4.5.8

Introduced

5.0.0

Fixed

5.0.4

Introduced

5.1.0

Fixed

5.1.1

Database specific

source

"https://github.com/bitnami/vulndb/tree/main/data/moodle/BIT-moodle-2025-67849.json"