PT-2025-26659 · Moodle · Moodle Lms Jmol Plugin

Dionach Admin · Published 2025-06-24 · Updated 2025-11-19 · CVE-2025-34032

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Moodle LMS Jmol plugin versions 6.1 and prior
Description: A reflected cross-site scripting (XSS) issue exists due to the application's failure to properly sanitize user input before embedding it into the HTTP response. This allows an attacker to execute arbitrary JavaScript in the victim's browser by crafting a malicious link, potentially hijacking user sessions or manipulating page content. The issue is specifically related to the data parameter in jsmol.php.
Recommendations: For Moodle LMS Jmol plugin versions 6.1 and prior, consider disabling the jsmol.php endpoint or restricting access to it until a patch is available. Avoid using the data parameter in the affected jsmol.php endpoint until the issue is resolved.
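While the endpoint is being restricted, existing web server logs can be checked for requests that put markup into the data parameter of jsmol.php. The following is an added example, not part of the advisory or the plugin's code; it assumes a combined-format access log, uses PLUGIN_PATH as a placeholder for the site-specific install path, and treats HTML-significant characters in the decoded value as a heuristic signal. It only sees query-string parameters, since request bodies are not logged.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Characters that would alter HTML if reflected unescaped (heuristic, assumption).
MARKUP_CHARS = set('<>"\'')

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded values are also inspected."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_jsmol_requests(log_lines):
    """Return (line_number, decoded data value) for each flagged request."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        # Match on the file name only; the install path differs per site.
        if not url.path.lower().endswith("/jsmol.php"):
            continue
        # parse_qs decodes once; fully_decode handles further encoding layers.
        for value in parse_qs(url.query, keep_blank_values=True).get("data", []):
            value = fully_decode(value)
            if MARKUP_CHARS & set(value):
                hits.append((number, value))
    return hits

# Constructed sample log lines (documentation addresses, placeholder path).
SAMPLE_LOG = [
    '192.0.2.10 - - [24/Jun/2025:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 512',
    '192.0.2.11 - - [24/Jun/2025:10:00:02 +0000] "GET /PLUGIN_PATH/jsmol.php?data=C6H6 HTTP/1.1" 200 128',
    '192.0.2.12 - - [24/Jun/2025:10:00:03 +0000] "GET /PLUGIN_PATH/jsmol.php?data=%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 140',
    '192.0.2.13 - - [24/Jun/2025:10:00:04 +0000] "GET /PLUGIN_PATH/jsmol.php?data=%253Cb%253E HTTP/1.1" 200 133',
]

if __name__ == "__main__":
    for number, value in suspicious_jsmol_requests(SAMPLE_LOG):
        print(f"line {number}: data parameter decodes to {value!r}")
```

Flagged lines are candidates for review, not confirmed attacks; the referrer and the account active in that session are the next things to look at.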

Exploit

Fix

XSS

RCE

Weakness Enumeration

Related Identifiers

CVE-2025-34032

Affected Products

Moodle Lms Jmol Plugin