CVE-2025-26530

CVE-2025-26530

• CWE-79 — CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

• Moodle Project / moodle — v=4.5.0 <4.5.2 [affected]; v=4.4.0 <4.4.6 [affected]; v=4.3.0 <4.3.10 [affected]; v=0 <4.2.* [unknown]

• 3.1 score=8.3 severity=HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

• https://moodle.org/mod/forum/discuss.php?d=466146 vendor-advisory
• http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84146 patch