CVE-2025-67849

Source
https://cve.org/CVERecord?id=CVE-2025-67849
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-67849.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-67849
Published
2026-02-03T11:15:55.067Z
Modified
2026-02-16T07:14:37.864477Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
[none]
Details

A flaw was found in Moodle. This cross-site scripting (XSS) vulnerability, caused by improper sanitization of AI prompt responses, allows attackers to inject malicious HTML or script into web pages. When other users view these compromised pages, their sessions could be stolen, or the user interface could be manipulated.

Affected packages

Git / github.com/moodle/moodle

Affected versions

v4.*
v4.5.0
v4.5.1
v4.5.10
v4.5.2
v4.5.3
v4.5.4
v4.5.5
v4.5.6
v4.5.7
v4.5.8
v4.5.9
v5.*
v5.0.0
v5.0.0-beta
v5.0.0-rc1
v5.0.0-rc2
v5.0.0-rc3
v5.0.1
v5.0.2
v5.0.3
v5.0.4
v5.0.5
v5.0.6

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-67849.json"