33 matches found
Moodle LMS Jmol Plugin <= 6.1 - Cross-Site Scripting
A reflected cross-site scripting XSS vulnerability exists in the Moodle LMS Jmol plugin version 6.1 and prior via the data parameter in jsmol.php. The application fails to properly sanitize user input before embedding it into the HTTP response, allowing an attacker to execute arbitrary JavaScript...
Linux Distros Unpatched Vulnerability : CVE-2022-50943
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Moodle LMS 4.0 contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting payloads through th...
CVE-2022-50943
A flaw was found in Moodle LMS. An unauthenticated attacker can exploit a cross-site scripting XSS vulnerability by submitting malicious payloads through the search parameter. This allows the attacker to inject JavaScript code, leading to the execution of arbitrary scripts in users' browsers and...
CVE-2022-50943
Moodle LMS 4.0 contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting payloads through the search parameter. Attackers can inject JavaScript code via the search field in course/search.php to execute arbitrary scripts in users'...
CVE-2022-50943
Moodle LMS 4.0 is affected by a cross-site scripting (XSS) vulnerability in the search parameter of course/search.php. The issue allows unauthenticated attackers to inject JavaScript code that executes in other users’ browsers and can lead to theft of session cookies. The available documents do n...
EUVD-2024-0523
Malicious code in bioql PyPI...
EUVD-2025-18970
Malicious code in bioql PyPI...
EUVD-2025-18971
Malicious code in bioql PyPI...
CVE-2025-34032
A reflected cross-site scripting XSS vulnerability exists in the Moodle LMS Jmol plugin version 6.1 and prior via the data parameter in jsmol.php. The application fails to properly sanitize user input before embedding it into the HTTP response, allowing an attacker to execute arbitrary JavaScript...
CVE-2025-34031
A path traversal vulnerability exists in the Moodle LMS Jmol plugin version 6.1 and prior via the query parameter in jsmol.php. The script directly passes user input to the filegetcontents function without proper validation, allowing attackers to read arbitrary files from the server's filesystem ...
CVE-2025-34032
A reflected cross-site scripting XSS vulnerability exists in the Moodle LMS Jmol plugin version 6.1 and prior via the data parameter in jsmol.php. The application fails to properly sanitize user input before embedding it into the HTTP response, allowing an attacker to execute arbitrary JavaScript...
CVE-2025-34031
A path traversal vulnerability exists in the Moodle LMS Jmol plugin version 6.1 and prior via the query parameter in jsmol.php. The script directly passes user input to the filegetcontents function without proper validation, allowing attackers to read arbitrary files from the server's filesystem ...
CVE-2025-34032
CVE-2025-34032 concerns the Moodle LMS Jmol plugin (
CVE-2025-34032 Moodle LMS Jmol Plugin Cross-site Scripting (XSS)
A reflected cross-site scripting XSS vulnerability exists in the Moodle LMS Jmol plugin version 6.1 and prior via the data parameter in jsmol.php. The application fails to properly sanitize user input before embedding it into the HTTP response, allowing an attacker to execute arbitrary JavaScript...
CVE-2025-34032 Moodle LMS Jmol Plugin Cross-site Scripting (XSS)
A reflected cross-site scripting XSS vulnerability exists in the Moodle LMS Jmol plugin version 6.1 and prior via the data parameter in jsmol.php. The application fails to properly sanitize user input before embedding it into the HTTP response, allowing an attacker to execute arbitrary JavaScript...
CVE-2025-34031 Moodle LMS Jmol Plugin Path Traversal
A path traversal vulnerability exists in the Moodle LMS Jmol plugin version 6.1 and prior via the query parameter in jsmol.php. The script directly passes user input to the filegetcontents function without proper validation, allowing attackers to read arbitrary files from the server's filesystem ...
CVE-2025-34031 Moodle LMS Jmol Plugin Path Traversal
A path traversal vulnerability exists in the Moodle LMS Jmol plugin version 6.1 and prior via the query parameter in jsmol.php. The script directly passes user input to the filegetcontents function without proper validation, allowing attackers to read arbitrary files from the server's filesystem ...
CVE-2025-34031
Summary: CVE-2025-34031 affects Moodle LMS Jmol Plugin, version 6.1 and earlier. The vulnerability is a local/file path traversal in the jsmol.php endpoint: user input is passed directly to file_get_contents(), enabling reading arbitrary files from the server when the parameter is crafted. No aut...
PT-2025-26659 · Moodle · Moodle Lms Jmol Plugin
Name of the Vulnerable Software and Affected Versions: Moodle LMS Jmol plugin versions 6.1 and prior Description: A reflected cross-site scripting XSS issue exists due to the application's failure to properly sanitize user input before embedding it into the HTTP response. This allows an attacker ...
PT-2025-26658 · Moodle · Moodle Lms Jmol Plugin
Name of the Vulnerable Software and Affected Versions: Moodle LMS Jmol plugin versions 6.1 and prior Description: A path traversal vulnerability exists in the Moodle LMS Jmol plugin via the query parameter in jsmol.php. The script directly passes user input to the file get contents function witho...