PT-2026-5963 · Moodle+1

Published: 2026-02-03 · Updated: 2026-02-24 · CVE-2025-67855

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Moodle (affected versions not specified)

Description

A remote attacker could exploit a reflected Cross-Site Scripting (XSS) vulnerability in the policy tool return URL. This issue stems from inadequate sanitization of URL parameters, enabling attackers to inject malicious scripts via specially crafted links. Successful exploitation may result in information disclosure or arbitrary client-side script execution within the user's browser. The vulnerability affects the return URL functionality within the policy tool.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
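
The description attributes the issue to inadequate sanitization of a return URL parameter. The PHP below is an added example of the general defensive pattern for such a parameter (validate the target, then escape it on output); it is not Moodle's code or its fix. It assumes PHP 8, and SITE_ROOT, safe_return_url(), render_back_link() and all sample values are hypothetical.

```php
<?php
// Added illustration, not Moodle code. SITE_ROOT, safe_return_url() and
// render_back_link() are hypothetical; all sample values are constructed.
const SITE_ROOT = 'https://lms.example.test';

/** Return $candidate only if it stays on this site; otherwise $fallback. */
function safe_return_url(string $candidate, string $fallback = '/'): string
{
    // Browsers normalise control characters, spaces and backslashes in
    // inconsistent ways, so any of them disqualifies the value outright.
    if ($candidate === '' || preg_match('/[\x00-\x20\x7f\\\\]/', $candidate)) {
        return $fallback;
    }
    // Site-relative path: one leading slash only ("//host" leaves the site).
    if ($candidate[0] === '/') {
        return str_starts_with($candidate, '//') ? $fallback : $candidate;
    }
    $url  = parse_url($candidate);
    $root = parse_url(SITE_ROOT);
    // Host-less schemes such as javascript: and data: fail here.
    if ($url === false || !isset($url['scheme'], $url['host'])) {
        return $fallback;
    }
    $same_site = strcasecmp($url['scheme'], $root['scheme']) === 0
        && strcasecmp($url['host'], $root['host']) === 0
        && ($url['port'] ?? null) === ($root['port'] ?? null)
        && !isset($url['user']);   // no userinfo that disguises the real host
    return $same_site ? $candidate : $fallback;
}

/** Validation picks the target; escaping keeps it inside the attribute. */
function render_back_link(string $raw): string
{
    $href = htmlspecialchars(safe_return_url($raw), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a href="' . $href . '">Back</a>';
}

// Constructed inputs: two acceptable values, then values that must fall back
// or be neutralised by output escaping.
$samples = [
    '/some/page.php?id=2&lang=en',
    'https://lms.example.test/some/page.php',
    'javascript:alert(1)',
    '//other.example.test/',
    'https://lms.example.test@other.example.test/',
    '/x"><script>alert(1)</script>',
];
foreach ($samples as $s) {
    echo render_back_link($s), PHP_EOL;
}
```

The last sample passes validation as a site-relative path, which is why the escaping step at output is still required.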

XSS

Weakness Enumeration

Related Identifiers

BIT-MOODLE-2025-67855
CVE-2025-67855
GHSA-VWHW-VP9V-Q9C9

Affected Products

Moodle
Red Os