CVE-2025-67850

Name of the Vulnerable Software and Affected Versions Moodle (affected versions not specified)

Description The issue resides in insufficient protection of the web page structure within Moodle. Exploitation of this can allow a remote attacker to conduct a Cross-Site Scripting (XSS) attack. The flaw is due to inadequate checks on user-provided data within the formula editor’s arithmetic expression fields. Injecting malicious code into these fields allows execution in other users’ web browsers, potentially compromising data or leading to unauthorized actions.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.