CVE-2025-26529

Summary

Description information displayed in the site administration live log required additional sanitizing to prevent a stored XSS risk.

Affected Software

VendorProductVersion RangeStatus
Moodle Projectmoodle4.5.0 < 4.5.2affected
Moodle Projectmoodle4.4.0 < 4.4.6affected
Moodle Projectmoodle4.3.0 < 4.3.10affected
Moodle Projectmoodle4.1.0 < 4.1.16affected
Moodle Projectmoodle4.2.0 < 4.2.*unknown
Moodle Projectmoodle0 < 4.0.*unknown

Weaknesses

  • CWE-79: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References