CVE-2025-26529

HIGH

Moodle < 4.1.16 - XSS

Title source: rule

Description

Description information displayed in the site administration live log required additional sanitizing to prevent a stored XSS risk.

Exploits (2)

nomisec WORKING POC 9 stars
by Astroo18 · poc
https://github.com/Astroo18/PoC-CVE-2025-26529
nomisec WORKING POC 3 stars
by hxuu · poc
https://github.com/hxuu/moodle-cve

References (2)

Scores

CVSS v3 8.3
EPSS 0.0096
EPSS Percentile 76.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Details

CWE
CWE-79
Status published
Products (2)
moodle/moodle 4.1.0 - 4.1.16
moodle/moodle 4.5.0-beta - 4.5.2Packagist
Published Feb 24, 2025
Tracked Since Feb 18, 2026