Moodle LMS Jmol Plugin <= 6.1 - Cross-Site Scripting

A reflected cross-site scripting XSS vulnerability exists in the Moodle LMS Jmol plugin version 6.1 and prior via the data parameter in jsmol.php. The application fails to properly sanitize user input before embedding it into the HTTP response, allowing an attacker to execute arbitrary JavaScript...

EUVD-2025-18970

Malicious code in bioql PyPI...

EUVD-2025-18971

Malicious code in bioql PyPI...

CVE-2025-34032

A reflected cross-site scripting XSS vulnerability exists in the Moodle LMS Jmol plugin version 6.1 and prior via the data parameter in jsmol.php. The application fails to properly sanitize user input before embedding it into the HTTP response, allowing an attacker to execute arbitrary JavaScript...

CVE-2025-34031

A path traversal vulnerability exists in the Moodle LMS Jmol plugin version 6.1 and prior via the query parameter in jsmol.php. The script directly passes user input to the filegetcontents function without proper validation, allowing attackers to read arbitrary files from the server's filesystem ...

CVE-2025-34032

A reflected cross-site scripting XSS vulnerability exists in the Moodle LMS Jmol plugin version 6.1 and prior via the data parameter in jsmol.php. The application fails to properly sanitize user input before embedding it into the HTTP response, allowing an attacker to execute arbitrary JavaScript...

CVE-2025-34032

A reflected cross-site scripting XSS vulnerability exists in the Moodle LMS Jmol plugin version 6.1 and prior via the data parameter in jsmol.php. The application fails to properly sanitize user input before embedding it into the HTTP response, allowing an attacker to execute arbitrary JavaScript...

CVE-2025-34031

A path traversal vulnerability exists in the Moodle LMS Jmol plugin version 6.1 and prior via the query parameter in jsmol.php. The script directly passes user input to the filegetcontents function without proper validation, allowing attackers to read arbitrary files from the server's filesystem ...

CVE-2025-34031

A path traversal vulnerability exists in the Moodle LMS Jmol plugin version 6.1 and prior via the query parameter in jsmol.php. The script directly passes user input to the filegetcontents function without proper validation, allowing attackers to read arbitrary files from the server's filesystem ...

CVE-2025-34032

CVE-2025-34032 concerns the Moodle LMS Jmol plugin (

CVE-2025-34032 Moodle LMS Jmol Plugin Cross-site Scripting (XSS)

A reflected cross-site scripting XSS vulnerability exists in the Moodle LMS Jmol plugin version 6.1 and prior via the data parameter in jsmol.php. The application fails to properly sanitize user input before embedding it into the HTTP response, allowing an attacker to execute arbitrary JavaScript...

CVE-2025-34032 Moodle LMS Jmol Plugin Cross-site Scripting (XSS)

A reflected cross-site scripting XSS vulnerability exists in the Moodle LMS Jmol plugin version 6.1 and prior via the data parameter in jsmol.php. The application fails to properly sanitize user input before embedding it into the HTTP response, allowing an attacker to execute arbitrary JavaScript...

CVE-2025-34031 Moodle LMS Jmol Plugin Path Traversal

A path traversal vulnerability exists in the Moodle LMS Jmol plugin version 6.1 and prior via the query parameter in jsmol.php. The script directly passes user input to the filegetcontents function without proper validation, allowing attackers to read arbitrary files from the server's filesystem ...

CVE-2025-34031 Moodle LMS Jmol Plugin Path Traversal

A path traversal vulnerability exists in the Moodle LMS Jmol plugin version 6.1 and prior via the query parameter in jsmol.php. The script directly passes user input to the filegetcontents function without proper validation, allowing attackers to read arbitrary files from the server's filesystem ...

CVE-2025-34031

Summary: CVE-2025-34031 affects Moodle LMS Jmol Plugin, version 6.1 and earlier. The vulnerability is a local/file path traversal in the jsmol.php endpoint: user input is passed directly to file_get_contents(), enabling reading arbitrary files from the server when the parameter is crafted. No aut...

PT-2025-26659 · Moodle · Moodle Lms Jmol Plugin

Name of the Vulnerable Software and Affected Versions: Moodle LMS Jmol plugin versions 6.1 and prior Description: A reflected cross-site scripting XSS issue exists due to the application's failure to properly sanitize user input before embedding it into the HTTP response. This allows an attacker ...

PT-2025-26658 · Moodle · Moodle Lms Jmol Plugin

Name of the Vulnerable Software and Affected Versions: Moodle LMS Jmol plugin versions 6.1 and prior Description: A path traversal vulnerability exists in the Moodle LMS Jmol plugin via the query parameter in jsmol.php. The script directly passes user input to the file get contents function witho...

Moodle LMS Jmol plugin 路径遍历漏洞

Moodle LMS Jmol plugin is an open source plugin for Moodle. A path traversal vulnerability exists in Moodle LMS Jmol plugin version 6.1 and earlier, which stems from the query parameter in jsmol.php being passed directly to the filegetcontents function without validation, which could lead to...

Moodle LMS Jmol plugin 跨站脚本漏洞

Moodle LMS Jmol plugin is an open source plugin for Moodle. A cross-site scripting vulnerability exists in Moodle LMS Jmol plugin version 6.1 and earlier, which stems from a reflected cross-site scripting attack due to an uncleared data parameter in jsmol.php...

VulnCheck KEV: CVE-2025-34031

A path traversal vulnerability exists in the Moodle LMS Jmol plugin version 6.1 and prior via the query parameter in jsmol.php. The script directly passes user input to the filegetcontents function without proper validation, allowing attackers to read arbitrary files from the server's...