CVE-2020-25627

MEDIUM

moodle 3.9-3.9.1 - Stored Cross-Site Scripting in moodlenetprofile User Profile Field

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-25627. PoCs published by HoangKien1020.

AI-analyzed exploit summary This PoC demonstrates a stored XSS vulnerability in Moodle via the 'moodlenetprofile' parameter in user profiles. It allows an attacker to inject malicious scripts that execute when other users view the profile, potentially stealing cookies or session data.

Description

The moodlenetprofile user profile field required extra sanitizing to prevent a stored XSS risk. This affects versions 3.9 to 3.9.1. Fixed in 3.9.2.

Exploits (1)

nomisec WORKING POC 3 stars

by HoangKien1020 · poc

https://github.com/HoangKien1020/CVE-2020-25627

View Code ZIP pw:eip

This PoC demonstrates a stored XSS vulnerability in Moodle via the 'moodlenetprofile' parameter in user profiles. It allows an attacker to inject malicious scripts that execute when other users view the profile, potentially stealing cookies or session data.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Moodle 3.9.0, 3.9.1

Auth required

Prerequisites: Authenticated user access (e.g., student role) · Ability to edit user profile

MITRE ATT&CK

T1189 - Drive-by Compromise T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Patch, Vendor Advisory x_refsource_confirm

https://moodle.org/mod/forum/discuss.php?d=410839

Scores

CVSS v3 6.1

EPSS 0.0535

EPSS Percentile 90.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (2)

moodle/moodle 3.9 - 3.9.2Packagist

moodle/moodle 3.9.0 - 3.9.2

Published Dec 09, 2020

Tracked Since Feb 18, 2026