BIT-moodle-2025-67855

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/moodle/BIT-moodle-2025-67855.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-moodle-2025-67855

Aliases

Published

2026-02-12T08:51:10.563Z

Modified

2026-02-12T09:26:11.255515Z

Summary

Mooodle: mooodle: information disclosure and script execution via reflected cross-site scripting

Details

A flaw was found in mooodle. A remote attacker could exploit a reflected Cross-Site Scripting (XSS) vulnerability in the policy tool return URL. This vulnerability arises from insufficient sanitization of URL parameters, allowing attackers to inject malicious scripts through specially crafted links. Successful exploitation could lead to information disclosure or arbitrary client-side script execution within the user's browser.

Database specific

{
    "cpes": [
        "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*"
    ],
    "severity": "Medium"
}

References

Affected packages

Bitnami / moodle

Package

Name: moodle
Purl: pkg:bitnami/moodle

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.1.22

Introduced

4.4.0

Fixed

4.4.11

Introduced

4.5.0

Fixed

4.5.8

Introduced

5.0.0

Fixed

5.0.4

Introduced

5.1.0

Fixed

5.1.1

Database specific

source

"https://github.com/bitnami/vulndb/tree/main/data/moodle/BIT-moodle-2025-67855.json"