CVE-2025-60507

Cross site scripting vulnerability in Moodle GeniAI plugin localgeniai 2.3.6. An authenticated user with Teacher role can upload a PDF containing embedded JavaScript. The assistant outputs a direct HTML link to the uploaded file without sanitization. When other users including Students or...

Moodle GeniAI plugin 安全漏洞

Moodle GeniAI plugin is a large modeling plugin for Moodle open source. A security vulnerability exists in Moodle GeniAI plugin version 2.3.6, which stems from an uncleaned JavaScript embedded in PDF files and could lead to a cross-site scripting attack...

CVE-2025-60507

Cross site scripting vulnerability in Moodle GeniAI plugin localgeniai 2.3.6. An authenticated user with Teacher role can upload a PDF containing embedded JavaScript. The assistant outputs a direct HTML link to the uploaded file without sanitization. When other users including Students or...

EUVD-2025-35200

Cross site scripting vulnerability in Moodle GeniAI plugin localgeniai 2.3.6. An authenticated user with Teacher role can upload a PDF containing embedded JavaScript. The assistant outputs a direct HTML link to the uploaded file without sanitization. When other users including Students or...