Description information displayed in the site administration live log required additional sanitizing to prevent a stored XSS risk.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

No data.

No data.

No data.

References
Link Providers
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84145 cve-icon cve-icon
https://moodle.org/mod/forum/discuss.php?d=466145 cve-icon cve-icon
History

Mon, 24 Feb 2025 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 24 Feb 2025 20:00:00 +0000

Type Values Removed Values Added
Description Description information displayed in the site administration live log required additional sanitizing to prevent a stored XSS risk.
Title Stored XSS risk in admin live log
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 8.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H'}
cve-icon MITRE

Status: PUBLISHED

Assigner: fedora

Published: 2025-02-24T19:52:48.821Z

Updated: 2025-02-24T20:14:08.198Z

Reserved: 2025-02-12T13:29:39.336Z

Link: CVE-2025-26529

cve-icon Vulnrichment

Updated: 2025-02-24T20:07:03.387Z

cve-icon NVD

Status : Received

Published: 2025-02-24T20:15:33.677

Modified: 2025-02-24T20:15:33.677

Link: CVE-2025-26529

cve-icon Redhat

No data.