
Commit b4a87d6

1 parent 1125320 commit b4a87d6

2 files changed

Lines changed: 149 additions & 40 deletions


Lines changed: 149 additions & 0 deletions
@@ -0,0 +1,149 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-mhf6-pp52-8wqj",
4+
"modified": "2026-02-03T19:02:30Z",
5+
"published": "2026-02-03T12:30:28Z",
6+
"aliases": [
7+
"CVE-2025-67849"
8+
],
9+
"summary": "Moodle Cross-site Scripting (XSS) vulnerability",
10+
"details": "A flaw was found in Moodle. This Cross-site Scripting (XSS) vulnerability, caused by improper sanitization of AI prompt responses, allows attackers to inject malicious HTML or script into web pages. When other users view these compromised pages, their sessions could be stolen, or the user interface could be manipulated.",
11+
"severity": [
12+
{
13+
"type": "CVSS_V3",
14+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"
15+
}
16+
],
17+
"affected": [
18+
{
19+
"package": {
20+
"ecosystem": "Packagist",
21+
"name": "moodle/moodle"
22+
},
23+
"ranges": [
24+
{
25+
"type": "ECOSYSTEM",
26+
"events": [
27+
{
28+
"introduced": "0"
29+
},
30+
{
31+
"fixed": "4.1.22"
32+
}
33+
]
34+
}
35+
]
36+
},
37+
{
38+
"package": {
39+
"ecosystem": "Packagist",
40+
"name": "moodle/moodle"
41+
},
42+
"ranges": [
43+
{
44+
"type": "ECOSYSTEM",
45+
"events": [
46+
{
47+
"introduced": "4.4.0-beta"
48+
},
49+
{
50+
"fixed": "4.4.12"
51+
}
52+
]
53+
}
54+
]
55+
},
56+
{
57+
"package": {
58+
"ecosystem": "Packagist",
59+
"name": "moodle/moodle"
60+
},
61+
"ranges": [
62+
{
63+
"type": "ECOSYSTEM",
64+
"events": [
65+
{
66+
"introduced": "4.5.0-beta"
67+
},
68+
{
69+
"fixed": "4.5.8"
70+
}
71+
]
72+
}
73+
]
74+
},
75+
{
76+
"package": {
77+
"ecosystem": "Packagist",
78+
"name": "moodle/moodle"
79+
},
80+
"ranges": [
81+
{
82+
"type": "ECOSYSTEM",
83+
"events": [
84+
{
85+
"introduced": "5.0.0-beta"
86+
},
87+
{
88+
"fixed": "5.0.4"
89+
}
90+
]
91+
}
92+
]
93+
},
94+
{
95+
"package": {
96+
"ecosystem": "Packagist",
97+
"name": "moodle/moodle"
98+
},
99+
"ranges": [
100+
{
101+
"type": "ECOSYSTEM",
102+
"events": [
103+
{
104+
"introduced": "5.1.0-beta"
105+
},
106+
{
107+
"fixed": "5.1.1"
108+
}
109+
]
110+
}
111+
]
112+
}
113+
],
114+
"references": [
115+
{
116+
"type": "ADVISORY",
117+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67849"
118+
},
119+
{
120+
"type": "WEB",
121+
"url": "https://github.com/moodle/moodle/commit/a3063dcaa44dbe66e60a37cadb33bfadfe4feb03"
122+
},
123+
{
124+
"type": "WEB",
125+
"url": "https://access.redhat.com/security/cve/CVE-2025-67849"
126+
},
127+
{
128+
"type": "WEB",
129+
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423835"
130+
},
131+
{
132+
"type": "PACKAGE",
133+
"url": "https://github.com/moodle/moodle"
134+
},
135+
{
136+
"type": "WEB",
137+
"url": "https://moodle.org/mod/forum/discuss.php?d=471299"
138+
}
139+
],
140+
"database_specific": {
141+
"cwe_ids": [
142+
"CWE-79"
143+
],
144+
"severity": "HIGH",
145+
"github_reviewed": true,
146+
"github_reviewed_at": "2026-02-03T19:02:30Z",
147+
"nvd_published_at": "2026-02-03T11:15:55Z"
148+
}
149+
}
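Review bot: The `affected` ranges leave a gap between `"fixed": "4.1.22"` in the first entry and `"introduced": "4.4.0-beta"` in the second, so any scanner consuming this record will report 4.2.x and 4.3.x installs as not affected. If those branches are simply out of support rather than confirmed unaffected, that should be stated in `details`, because operators on those versions will otherwise get no alert. The first entry also uses `"introduced": "0"` even though `details` ties the flaw to sanitization of AI prompt responses; whether every release below 4.1.22 contains that code path is not visible from this page, so the lower bound is worth confirming against the Moodle forum post listed in `references`. Separately, the `moodle/moodle` commit URL is typed `"WEB"`; if it is the patch, the OSV reference type `"FIX"` would let tooling locate the fix directly.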

advisories/unreviewed/2026/02/GHSA-mhf6-pp52-8wqj/GHSA-mhf6-pp52-8wqj.json

Lines changed: 0 additions & 40 deletions
This file was deleted.
