Moodle Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2025-67849 - Vulnerability Database

Moodle

Moodle Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2025-67849

Medium

Reference: CVE-2025-67849

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2025-67849

Title: Moodle Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Overview:

A flaw was found in Moodle. This cross-site scripting (XSS) vulnerability caused by improper sanitization of AI prompt responses allows attackers to inject malicious HTML or script into web pages. When other users view these compromised pages their sessions could be stolen or the user interface could be manipulated.