CVE-2025-26529

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-26529
Description information displayed in the site administration live log required additional sanitizing to prevent a stored XSS risk.

8.3 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References
Link Resource
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84145 Patch
https://moodle.org/mod/forum/discuss.php?d=466145 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
History

08 Aug 2025, 19:37

Type Values Removed Values Added
References () http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84145 - () http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84145 - Patch
References () https://moodle.org/mod/forum/discuss.php?d=466145 - () https://moodle.org/mod/forum/discuss.php?d=466145 - Vendor Advisory
CPE cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
Summary
  • (es) La información de descripción que se muestra en el registro en vivo de la administración del sitio requirió una depuración adicional para evitar un riesgo de XSS almacenado.
First Time Moodle moodle
Moodle

24 Feb 2025, 20:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-02-24 20:15

Updated : 2025-08-08 19:37

NVD link : CVE-2025-26529

Mitre link : CVE-2025-26529

CVE.ORG link : CVE-2025-26529

JSON object : View

Products Affected

moodle

  • moodle
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')