CVE-2025-26529 - Vulnerability Details - OpenCVE

Description information displayed in the site administration live log required additional sanitizing to prevent a stored XSS risk.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Moodle	Moodle

Configuration 1 [-]

OR	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle::::::::

No data.

References

Link	Providers
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84145
https://moodle.org/mod/forum/discuss.php?d=466145

History

Fri, 08 Aug 2025 19:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Moodle Moodle moodle
CPEs		cpe:2.3:a:moodle:moodle::::::::
Vendors & Products		Moodle Moodle moodle

Mon, 24 Feb 2025 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Mon, 24 Feb 2025 20:00:00 +0000

Type	Values Removed	Values Added
Description		Description information displayed in the site administration live log required additional sanitizing to prevent a stored XSS risk.
Title		Stored XSS risk in admin live log
Weaknesses		CWE-79
References		http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84145 https://moodle.org/mod/forum/discuss.php?d=466145
Metrics		cvssV3_1 `{'score': 8.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: fedora

Published: 2025-02-24T19:52:48.821Z

Updated: 2025-02-24T20:14:08.198Z

Reserved: 2025-02-12T13:29:39.336Z

Link: CVE-2025-26529

Vulnrichment

Updated: 2025-02-24T20:07:03.387Z

NVD

Status : Analyzed

Published: 2025-02-24T20:15:33.677

Modified: 2025-08-08T19:37:24.770

Link: CVE-2025-26529

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-26529", "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "state": "PUBLISHED", "assignerShortName": "fedora", "dateReserved": "2025-02-12T13:29:39.336Z", "datePublished": "2025-02-24T19:52:48.821Z", "dateUpdated": "2025-02-24T20:14:08.198Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "moodle", "vendor": "Moodle Project", "versions": [{"lessThan": "4.5.2", "status": "affected", "version": "4.5.0", "versionType": "semver"}, {"lessThan": "4.4.6", "status": "affected", "version": "4.4.0", "versionType": "semver"}, {"lessThan": "4.3.10", "status": "affected", "version": "4.3.0", "versionType": "semver"}, {"lessThan": "4.1.16", "status": "affected", "version": "4.1.0", "versionType": "semver"}, {"lessThan": "4.2.*", "status": "unknown", "version": "4.2.0", "versionType": "semver"}, {"lessThan": "4.0.*", "status": "unknown", "version": "0", "versionType": "semver"}]}], "datePublic": "2025-02-18T05:38:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Description information displayed in the site administration live log \nrequired additional sanitizing to prevent a stored XSS risk."}], "value": "Description information displayed in the site administration live log \nrequired additional sanitizing to prevent a stored XSS risk."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "shortName": "fedora", "dateUpdated": "2025-02-24T20:14:08.198Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://moodle.org/mod/forum/discuss.php?d=466145"}, {"tags": ["patch"], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84145"}], "source": {"discovery": "UNKNOWN"}, "title": "Stored XSS risk in admin live log", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-24T20:05:38.160784Z", "id": "CVE-2025-26529", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-24T20:07:14.809Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-26529", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-24T20:05:38.160784Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-24T20:07:03.387Z"}}], "cna": {"title": "Stored XSS risk in admin live log", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Moodle Project", "product": "moodle", "versions": [{"status": "affected", "version": "4.5.0", "lessThan": "4.5.2", "versionType": "semver"}, {"status": "affected", "version": "4.4.0", "lessThan": "4.4.6", "versionType": "semver"}, {"status": "affected", "version": "4.3.0", "lessThan": "4.3.10", "versionType": "semver"}, {"status": "affected", "version": "4.1.0", "lessThan": "4.1.16", "versionType": "semver"}, {"status": "unknown", "version": "4.2.0", "lessThan": "4.2.*", "versionType": "semver"}, {"status": "unknown", "version": "0", "lessThan": "4.0.*", "versionType": "semver"}], "defaultStatus": "unaffected"}], "datePublic": "2025-02-18T05:38:00.000Z", "references": [{"url": "https://moodle.org/mod/forum/discuss.php?d=466145", "tags": ["vendor-advisory"]}, {"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84145", "tags": ["patch"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Description information displayed in the site administration live log \nrequired additional sanitizing to prevent a stored XSS risk.", "supportingMedia": [{"type": "text/html", "value": "Description information displayed in the site administration live log \nrequired additional sanitizing to prevent a stored XSS risk.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "shortName": "fedora", "dateUpdated": "2025-02-24T20:14:08.198Z"}}}, "cveMetadata": {"cveId": "CVE-2025-26529", "state": "PUBLISHED", "dateUpdated": "2025-02-24T20:14:08.198Z", "dateReserved": "2025-02-12T13:29:39.336Z", "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "datePublished": "2025-02-24T19:52:48.821Z", "assignerShortName": "fedora"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "matchCriteriaId": "ABE6D6ED-55D3-46B4-84DC-7C3684E3260E", "versionEndExcluding": "4.1.16", "versionStartIncluding": "4.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "matchCriteriaId": "3DF83192-5999-4E1B-B109-A1B0F68437B2", "versionEndExcluding": "4.3.10", "versionStartIncluding": "4.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "matchCriteriaId": "B91CC5BB-FFB9-4D09-9001-105A8B68208E", "versionEndExcluding": "4.4.6", "versionStartIncluding": "4.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "matchCriteriaId": "830F7FD6-3257-44A2-9599-2C5C2FF2BA20", "versionEndExcluding": "4.5.2", "versionStartIncluding": "4.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Description information displayed in the site administration live log \nrequired additional sanitizing to prevent a stored XSS risk."}, {"lang": "es", "value": " La informaci\u00f3n de descripci\u00f3n que se muestra en el registro en vivo de la administraci\u00f3n del sitio requiri\u00f3 una depuraci\u00f3n adicional para evitar un riesgo de XSS almacenado."}], "id": "CVE-2025-26529", "lastModified": "2025-08-08T19:37:24.770", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 6.0, "source": "patrick@puiterwijk.org", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-02-24T20:15:33.677", "references": [{"source": "patrick@puiterwijk.org", "tags": ["Patch"], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84145"}, {"source": "patrick@puiterwijk.org", "tags": ["Vendor Advisory"], "url": "https://moodle.org/mod/forum/discuss.php?d=466145"}], "sourceIdentifier": "patrick@puiterwijk.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "patrick@puiterwijk.org", "type": "Secondary"}]}