{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-03T03:07:33.807","vulnerabilities":[{"cve":{"id":"CVE-2025-67849","sourceIdentifier":"patrick@puiterwijk.org","published":"2026-02-03T11:15:55.067","lastModified":"2026-02-11T18:31:37.907","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in Moodle. This cross-site scripting (XSS) vulnerability, caused by improper sanitization of AI prompt responses, allows attackers to inject malicious HTML or script into web pages. When other users view these compromised pages, their sessions could be stolen, or the user interface could be manipulated."},{"lang":"es","value":"Se encontró un fallo en Moodle. Esta vulnerabilidad de cross-site scripting (XSS), causada por un saneamiento inadecuado de las respuestas de los prompts de IA, permite a los atacantes inyectar HTML o scripts maliciosos en páginas web. Cuando otros usuarios ven estas páginas comprometidas, sus sesiones podrían ser robadas, o la interfaz de usuario podría ser manipulada."}],"metrics":{"cvssMetricV31":[{"source":"patrick@puiterwijk.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"patrick@puiterwijk.org","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*","versionStartIncluding":"4.5.0","versionEndExcluding":"4.5.8","matchCriteriaId":"C0CC5CF8-4808-41A5-B8A1-B0D6C575E5DC"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0.0","versionEndExcluding":"5.0.4","matchCriteriaId":"06F81442-AEEB-483D-90A9-93DDBA5B95D6"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:5.1.0:-:*:*:*:*:*:*","matchCriteriaId":"567FEE12-0E75-4F0C-B22E-E76990C80E1B"}]}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2025-67849","source":"patrick@puiterwijk.org","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2423835","source":"patrick@puiterwijk.org","tags":["Issue Tracking","Third Party Advisory"]}]}}]}