CVE-2025-3643

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-3643

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-3643.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-3643

Aliases

Downstream

UBUNTU-CVE-2025-3643

Published

2025-04-25T15:15:38.147Z

Modified

2026-02-19T08:41:35.665318Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A flaw was found in Moodle. The return URL in the policy tool required additional sanitizing to prevent a reflected Cross-site scripting (XSS) risk.

References

Affected packages

Git / github.com/moodle/moodle

Affected ranges

Type: GIT
Repo: https://github.com/moodle/moodle
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

2a900d6ed9af75abcdd82f1dbae37d8b06c37bf7

Introduced

52c0da7c647bd6ba8c5f61882d88959821a1fb41

Fixed

8f0c7bb53cd3ead755e941183e6d3bd0ac717a19

Introduced

ee91c6536f99e1633e2245780c4fe7f47340ed66

Fixed

f22eed6b67af8d0c25732d549680482e1867cd34

Introduced

fe7aff8093240cc373f1ddaa66ecb91c4bc0a09f

Fixed

73fc31dabf4feb33ef02167bd98063a3ceef89bb

Affected versions

v4.*

v4.3.0

v4.3.1

v4.3.10

v4.3.11

v4.3.2

v4.3.3

v4.3.4

v4.3.5

v4.3.6

v4.3.7

v4.3.8

v4.3.9

v4.4.0

v4.4.1

v4.4.2

v4.4.3

v4.4.4

v4.4.5

v4.4.6

v4.4.7

v4.5.0

v4.5.1

v4.5.2

v4.5.3

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-3643.json"