PT-2025-7686 · Moodle+2

Nightbloodz · Published 2025-02-18 · Updated 2026-01-02 · CVE-2025-26529

CVSS v3.1: 8.3 High

Vector: AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Moodle versions prior to 4.5.4-alt1

Description

The issue is a stored Cross-Site Scripting (XSS) risk within the site administration live log. Description information displayed in this log is insufficiently sanitized, which allows the injection of malicious scripts. Exploitation of this issue could potentially lead to remote code execution (RCE) and account takeover. Proof-of-concept (PoC) exploits have been published. The vulnerability stems from a lack of measures protecting the structure of web pages.

Recommendations

Upgrade to Moodle version 4.5.4-alt1 or later to address this issue.

Fix · RCE · XSS

Weakness Enumeration

Related Identifiers

ALT-PU-2025-6924
ALT-PU-2025-7344
BDU:2025-02329
BIT-MOODLE-2025-26529
CVE-2025-26529
GHSA-WR88-X8CM-7CGQ

Affected Products

Alt Linux
Moodle
Red Os