EUVD-2025-4273

Malicious code in bioql PyPI...

BIT-MOODLE-2024-33999 moodle: unsafe direct use of $_SERVER['HTTP_REFERER'] in admin/tool/mfa/index.php

The referrer URL used by MFA required additional sanitizing, rather than being used directly...

Moodle allows reflected XSS via question bank filter

The question bank filter required additional sanitizing to prevent a reflected XSS risk...

CVE-2025-26529

Description information displayed in the site administration live log required additional sanitizing to prevent a stored XSS risk...

CVE-2025-26530 Reflected XSS via question bank filter

The question bank filter required additional sanitizing to prevent a reflected XSS risk...

CVE-2025-26529 Stored XSS risk in admin live log

Description information displayed in the site administration live log required additional sanitizing to prevent a stored XSS risk...

CVE-2024-33999 moodle: unsafe direct use of $_SERVER['HTTP_REFERER'] in admin/tool/mfa/index.php

The referrer URL used by MFA required additional sanitizing, rather than being used directly...

Cross-site Scripting in moodle

A flaw was found in moodle where ID numbers displayed when bulk allocating markers to assignments required additional sanitizing to prevent a stored XSS risk...