CVE-2025-26529

Published Feb 24, 2025

Last updated 2 months ago

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2025-26529 is a stored Cross-Site Scripting (XSS) vulnerability found in Moodle's site administration live log functionality. The vulnerability exists because description information displayed in the site administration live log was not properly sanitized. This flaw affects Moodle versions 4.5 to 4.5.1, 4.4 to 4.4.5, 4.3 to 4.3.9, 4.1 to 4.1.15, and earlier unsupported versions. Successful exploitation of this vulnerability could allow attackers to inject malicious scripts that would be executed in the context of other users' browsers when they view the affected live log section in the site administration area. To remediate this vulnerability, users are advised to upgrade to the patched versions: Moodle 4.5.2, 4.4.6, 4.3.10, and 4.1.16. The fix involves implementing proper sanitization for event descriptions in the live log functionality.

Description: Description information displayed in the site administration live log required additional sanitizing to prevent a stored XSS risk.
Source: patrick@puiterwijk.org
NVD status: Received

Risk scores

CVSS 3.1

Type: Secondary
Base score: 8.3
Impact score: 6
Exploitability score: 1.6
Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Severity: HIGH

Weaknesses

Source: patrick@puiterwijk.org
CWE: CWE-79

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score: 29