Moodle LMS Jmol Plugin <= 6.1 - Cross-Site Scripting

A reflected cross-site scripting XSS vulnerability exists in the Moodle LMS Jmol plugin version 6.1 and prior via the data parameter in jsmol.php. The application fails to properly sanitize user input before embedding it into the HTTP response, allowing an attacker to execute arbitrary JavaScript...

CVE-2022-50943

Moodle LMS 4.0 contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting payloads through the search parameter. Attackers can inject JavaScript code via the search field in course/search.php to execute arbitrary scripts in users'...

EUVD-2025-18971

Malicious code in bioql PyPI...

EUVD-2025-18970

Malicious code in bioql PyPI...

CVE-2025-34032

A reflected cross-site scripting XSS vulnerability exists in the Moodle LMS Jmol plugin version 6.1 and prior via the data parameter in jsmol.php. The application fails to properly sanitize user input before embedding it into the HTTP response, allowing an attacker to execute arbitrary JavaScript...

CVE-2025-34031

A path traversal vulnerability exists in the Moodle LMS Jmol plugin version 6.1 and prior via the query parameter in jsmol.php. The script directly passes user input to the filegetcontents function without proper validation, allowing attackers to read arbitrary files from the server's filesystem ...

CVE-2025-34032

A reflected cross-site scripting XSS vulnerability exists in the Moodle LMS Jmol plugin version 6.1 and prior via the data parameter in jsmol.php. The application fails to properly sanitize user input before embedding it into the HTTP response, allowing an attacker to execute arbitrary JavaScript...

CVE-2025-34031

A path traversal vulnerability exists in the Moodle LMS Jmol plugin version 6.1 and prior via the query parameter in jsmol.php. The script directly passes user input to the filegetcontents function without proper validation, allowing attackers to read arbitrary files from the server's filesystem ...

CVE-2025-34032 Moodle LMS Jmol Plugin Cross-site Scripting (XSS)

A reflected cross-site scripting XSS vulnerability exists in the Moodle LMS Jmol plugin version 6.1 and prior via the data parameter in jsmol.php. The application fails to properly sanitize user input before embedding it into the HTTP response, allowing an attacker to execute arbitrary JavaScript...

CVE-2025-34032 Moodle LMS Jmol Plugin Cross-site Scripting (XSS)

A reflected cross-site scripting XSS vulnerability exists in the Moodle LMS Jmol plugin version 6.1 and prior via the data parameter in jsmol.php. The application fails to properly sanitize user input before embedding it into the HTTP response, allowing an attacker to execute arbitrary JavaScript...

CVE-2025-34031 Moodle LMS Jmol Plugin Path Traversal

A path traversal vulnerability exists in the Moodle LMS Jmol plugin version 6.1 and prior via the query parameter in jsmol.php. The script directly passes user input to the filegetcontents function without proper validation, allowing attackers to read arbitrary files from the server's filesystem ...

CVE-2025-34031

Summary: CVE-2025-34031 affects Moodle LMS Jmol Plugin, version 6.1 and earlier. The vulnerability is a local/file path traversal in the jsmol.php endpoint: user input is passed directly to file_get_contents(), enabling reading arbitrary files from the server when the parameter is crafted. No aut...

CVE-2025-34031 Moodle LMS Jmol Plugin Path Traversal

A path traversal vulnerability exists in the Moodle LMS Jmol plugin version 6.1 and prior via the query parameter in jsmol.php. The script directly passes user input to the filegetcontents function without proper validation, allowing attackers to read arbitrary files from the server's filesystem ...

PT-2025-26659 · Moodle · Moodle Lms Jmol Plugin

Name of the Vulnerable Software and Affected Versions: Moodle LMS Jmol plugin versions 6.1 and prior Description: A reflected cross-site scripting XSS issue exists due to the application's failure to properly sanitize user input before embedding it into the HTTP response. This allows an attacker ...

CVE-2025-3642

CVE-2025-3642 affects Moodle with the EQUELLA repository, enabling remote code execution. The issue is described as exploitable remotely (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) with a high base score (8.8); by default it is limited to sites where the EQUELLA repository is enabled and accessible to ...

BIT-MOODLE-2023-28333 Moodle: pix helper potential mustache code injection risk

The Mustache pix helper contained a potential Mustache injection risk if combined with user input note: This did not appear to be implemented/exploitable anywhere in the core Moodle LMS...

CVE-2024-1439

Inadequate access control in Moodle LMS. This vulnerability could allow a local user with a student role to create arbitrary events intended for users with higher roles. It could also allow the attacker to add events to the calendar of all users without their prior consent...

Design/Logic Flaw

Inadequate access control in Moodle LMS. This vulnerability could allow a local user with a student role to create arbitrary events intended for users with higher roles. It could also allow the attacker to add events to the calendar of all users without their prior consent...

CVE-2024-1439

Inadequate access control in Moodle LMS. This vulnerability could allow a local user with a student role to create arbitrary events intended for users with higher roles. It could also allow the attacker to add events to the calendar of all users without their prior consent...

CVE-2024-1439 Inadequate access control vulnerability in Moodle

Inadequate access control in Moodle LMS. This vulnerability could allow a local user with a student role to create arbitrary events intended for users with higher roles. It could also allow the attacker to add events to the calendar of all users without their prior consent...