CVE-2025-67855

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-67855
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-67855.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-67855
Aliases
Downstream
Published
2026-02-03T11:15:55.813Z
Modified
2026-02-16T07:21:30.610117Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

A flaw was found in mooodle. A remote attacker could exploit a reflected Cross-Site Scripting (XSS) vulnerability in the policy tool return URL. This vulnerability arises from insufficient sanitization of URL parameters, allowing attackers to inject malicious scripts through specially crafted links. Successful exploitation could lead to information disclosure or arbitrary client-side script execution within the user's browser.

References

Affected packages

Git / github.com/moodle/moodle

Affected ranges

Type
GIT
Repo
https://github.com/moodle/moodle
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
df1157bb845eabedd31989d6a1a6e18f638ff890
Introduced
45798c7c70ca9deaf8f2c4c352ca314f16d30b53
Fixed
93ee606ed814d99865c7ad17b69cb1bb84f18c57
Introduced
52c0da7c647bd6ba8c5f61882d88959821a1fb41
Fixed
d204a66488b91202141b60f3e8e190abc294ac49
Introduced
f1c169b32feed42eef9e15de6a9c5ab0aa997d79
Fixed
381b66b33a9b5f255d31f4508f26ad7c1a9af154

Affected versions

v4.*
v4.5.0
v4.5.1
v4.5.10
v4.5.2
v4.5.3
v4.5.4
v4.5.5
v4.5.6
v4.5.7
v4.5.8
v4.5.9
v5.*
v5.0.0
v5.0.0-beta
v5.0.0-rc1
v5.0.0-rc2
v5.0.0-rc3
v5.0.1
v5.0.2
v5.0.3
v5.0.4
v5.0.5
v5.0.6

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-67855.json"