Stored XSS Vulnerability in Moodle's Administration Live Log
CVE-2025-26529

8.3HIGH

Key Information:

Vendor: Moodle Project
Status: Moodle
Vendor: CVE Published:; 24 February 2025

Summary

The vulnerability present in Moodle's site administration live log stems from inadequate sanitization of description information. This flaw allows attackers to inject malicious scripts, which can be executed in the context of an administrator's session, compromising sensitive data and potentially leading to unauthorized actions within the platform. It is vital for users to apply the latest patches and prevent exploitation by enhancing input validation and sanitization processes.

Affected Version(s)

moodle 4.5.0 < 4.5.2

moodle 4.4.0 < 4.4.6

moodle 4.3.0 < 4.3.10

References

https://moodle.org/mod/forum/discuss.php?d=466145

vendor-advisory

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=...

patch

CVSS V3.1

Score:

8.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 24, 2025
Vulnerability Reserved
Feb 12, 2025