3 matches found
Cross-site Scripting (XSS)
Overview moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Cross-site Scripting XSS via improper sanitization of AI prompt responses. An attacker can execute arbitrary scripts in the context of another user's session by injecting malicious HTML or JavaScrip...
CVE-2025-67849
CVE-2025-67849 affects Moodle with an XSS flaw caused by improper sanitization of AI prompt responses. The vulnerability allows injecting malicious HTML/script into pages viewed by other users, potentially stealing sessions or manipulating the UI. Connected sources (Nessus/NASL, CVE records, OSV/...
CVE-2025-67849 Moodle: moodle: cross-site scripting (xss) via improper sanitization of ai prompt responses
A flaw was found in Moodle. This cross-site scripting XSS vulnerability, caused by improper sanitization of AI prompt responses, allows attackers to inject malicious HTML or script into web pages. When other users view these compromised pages, their sessions could be stolen, or the user interface...