CVE-2025-67850

Moodle: moodle: cross-site scripting vulnerability via inadequate input filtering in formula editor

CVSS 7.3 HIGHEPSS 0.3%CWE-79

Vexday Risk Score

21Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 7.3EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

03 fev 2026Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

A flaw was found in moodle. This vulnerability, known as Cross-Site Scripting (XSS), occurs due to insufficient checks on user-provided data in the formula editor's arithmetic expression fields. A remote attacker could inject malicious code into these fields. When other users view these expressions, the malicious code would execute in their web browsers, potentially compromising their data or leading to unauthorized actions.

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

Produtos afetados

moodle

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://access.redhat.com/security/cve/CVE-2025-67850 https://bugzilla.redhat.com/show_bug.cgi?id=2423838