PT-2025-26658 · Moodle · Moodle Lms Jmol Plugin

Name of the Vulnerable Software and Affected Versions: Moodle LMS Jmol plugin versions 6.1 and prior Description: A path traversal vulnerability exists in the Moodle LMS Jmol plugin via the query parameter in jsmol.php. The script directly passes user input to the file get contents function witho...

Moodle LMS Jmol plugin 路径遍历漏洞

Moodle LMS Jmol plugin is an open source plugin for Moodle. A path traversal vulnerability exists in Moodle LMS Jmol plugin version 6.1 and earlier, which stems from the query parameter in jsmol.php being passed directly to the filegetcontents function without validation, which could lead to...

VulnCheck KEV: CVE-2025-34031

A path traversal vulnerability exists in the Moodle LMS Jmol plugin version 6.1 and prior via the query parameter in jsmol.php. The script directly passes user input to the filegetcontents function without proper validation, allowing attackers to read arbitrary files from the server's...

Cross site scripting

An issue was discovered in the JSmol2WP plugin 1.07 for WordPress. A cross-site scripting XSS vulnerability allows remote attackers to inject arbitrary web script or HTML via the jsmol.php data parameter...