CVE-2025-67850

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-67850
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-67850.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-67850
Aliases
Downstream
Published
2026-02-03T11:15:55.213Z
Modified
2026-02-15T08:20:29.226738Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

A flaw was found in moodle. This vulnerability, known as Cross-Site Scripting (XSS), occurs due to insufficient checks on user-provided data in the formula editor's arithmetic expression fields. A remote attacker could inject malicious code into these fields. When other users view these expressions, the malicious code would execute in their web browsers, potentially compromising their data or leading to unauthorized actions.

References

Affected packages

Git / github.com/moodle/moodle

Affected ranges

Type
GIT
Repo
https://github.com/moodle/moodle
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
b27f0816159a7555a0b3ad9ff2f8f8ef701a29fa
Introduced
45798c7c70ca9deaf8f2c4c352ca314f16d30b53
Fixed
93ee606ed814d99865c7ad17b69cb1bb84f18c57
Introduced
4d1cd09d32f553d05ebcb12395c1a67972c315d4
Fixed
d204a66488b91202141b60f3e8e190abc294ac49
Introduced
f1c169b32feed42eef9e15de6a9c5ab0aa997d79
Fixed
381b66b33a9b5f255d31f4508f26ad7c1a9af154

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-67850.json"