CVE-2025-26528

State: PUBLISHED · Published: 2025-02-24 · Updated: 2025-02-24 · Assigner: fedora

Description

The drag-and-drop onto image (ddimageortext) question type required additional sanitizing to prevent a stored XSS risk.

CWE

CWE-79 — CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

Affected

Moodle Project / moodle — v=4.5.0 <4.5.2 [affected]; v=4.4.0 <4.4.6 [affected]; v=4.3.0 <4.3.10 [affected]; v=4.1.0 <4.1.16 [affected]; v=4.2.0 <4.2.* [unknown]; v=0 <4.0.* [unknown]

CVSS

References

Source

cvelistV5-main/cves/2025/26xxx/CVE-2025-26528.json