BIT-MOODLE-2025-3637 Moodle: csrf token exposure via url in moodle mod_data module

A security vulnerability was found in Moodle where confidential information that prevents cross-site request forgery CSRF attacks was shared publicly through the site's URL. This vulnerability occurred specifically on two types of pages within the moddata module: edit and delete pages...

EUVD-2025-12524

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2025-3637

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A security vulnerability was found in Moodle where confidential information that prevents cross-site request forgery CSRF attacks was shared publicly through th...

Moodle's mod_data edit/delete pages pass CSRF token in GET parameter

A security vulnerability was found in Moodle where confidential information that prevents cross-site request forgery CSRF attacks was shared publicly through the site's URL. This vulnerability occurred specifically on two types of pages within the moddata module: edit and delete pages...

GHSA-9VC3-VM42-FJHM Moodle's mod_data edit/delete pages pass CSRF token in GET parameter

A security vulnerability was found in Moodle where confidential information that prevents cross-site request forgery CSRF attacks was shared publicly through the site's URL. This vulnerability occurred specifically on two types of pages within the moddata module: edit and delete pages...

Use of GET Request Method With Sensitive Query Strings

Overview moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Use of GET Request Method With Sensitive Query Strings via the moddata module's edit and delete pages. An attacker can access the CSRF token by manipulating the URL parameters. Remediation Upgrade...

CVE-2025-3637

A security vulnerability was found in Moodle where confidential information that prevents cross-site request forgery CSRF attacks was shared publicly through the site's URL. This vulnerability occurred specifically on two types of pages within the moddata module: edit and delete pages...

CVE-2025-3637

A security vulnerability was found in Moodle where confidential information that prevents cross-site request forgery CSRF attacks was shared publicly through the site's URL. This vulnerability occurred specifically on two types of pages within the moddata module: edit and delete pages...

CVE-2025-3637 Moodle: csrf token exposure via url in moodle mod_data module

A security vulnerability was found in Moodle where confidential information that prevents cross-site request forgery CSRF attacks was shared publicly through the site's URL. This vulnerability occurred specifically on two types of pages within the moddata module: edit and delete pages...

CVE-2025-3637 Moodle: csrf token exposure via url in moodle mod_data module

A security vulnerability was found in Moodle where confidential information that prevents cross-site request forgery CSRF attacks was shared publicly through the site's URL. This vulnerability occurred specifically on two types of pages within the moddata module: edit and delete pages...

CVE-2025-3637

Moodle vulnerability CVE-2025-3637: CSRF protection data is exposed via the URL on mod_data edit and delete pages, allowing confidential information to be shared publicly. The issue is described as token exposure in GET parameters, specifically affecting Moodle’s mod_data edit/delete workflows. N...

CVE-2025-3637

A security vulnerability was found in Moodle where confidential information that prevents cross-site request forgery CSRF attacks was shared publicly through the site's URL. This vulnerability occurred specifically on two types of pages within the moddata module: edit and delete pages...

GHSA-MJ85-3HQQ-R6R9 Moodle Reflected XSS in mod_data advanced search

Cross-site scripting XSS vulnerability in the advanced-search feature in moddata in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote attackers to inject arbitrary web script or HTML via a crafted field in a URL, as...

Moodle Reflected XSS in mod_data advanced search

Cross-site scripting XSS vulnerability in the advanced-search feature in moddata in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote attackers to inject arbitrary web script or HTML via a crafted field in a URL, as...

Cross-Site Scripting (XSS)

Moodle is vulnerable to cross-site scripting XSS attacks. The attacks exist because output from moddata advanced search form fields values are not sanitize properly, allowing the attackers to target users with higher permissions to click a link through this loophole...

CVE-2016-2153

Cross-site scripting XSS vulnerability in the advanced-search feature in moddata in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote attackers to inject arbitrary web script or HTML via a crafted field in a URL, as...

Cross site scripting

Cross-site scripting XSS vulnerability in the advanced-search feature in moddata in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote attackers to inject arbitrary web script or HTML via a crafted field in a URL, as...

CVE-2016-2153

CVE-2016-2153: Affected: Moodle’s mod_data advanced-search feature. Root cause: XSS in the advanced-search URL field that accepts user input, enabling injection of arbitrary script/HTML. Affected versions: Moodle up to 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0....