← Volver a CVEs
CVE-2025-67849
HIGH7.3
Descripcion
A flaw was found in Moodle. This cross-site scripting (XSS) vulnerability, caused by improper sanitization of AI prompt responses, allows attackers to inject malicious HTML or script into web pages. When other users view these compromised pages, their sessions could be stolen, or the user interface could be manipulated.
Detalles CVE
Puntuacion CVSS v3.17.3
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioREQUIRED
Publicado2/3/2026
Ultima modificacion2/11/2026
Fuentenvd
Avistamientos honeypot0
Productos afectados
moodle:moodle
Debilidades (CWE)
CWE-79
Referencias
https://access.redhat.com/security/cve/CVE-2025-67849(patrick@puiterwijk.org)
https://bugzilla.redhat.com/show_bug.cgi?id=2423835(patrick@puiterwijk.org)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.