{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T19:23:30.940","vulnerabilities":[{"cve":{"id":"CVE-2025-67850","sourceIdentifier":"patrick@puiterwijk.org","published":"2026-02-03T11:15:55.213","lastModified":"2026-02-11T18:31:55.960","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in moodle. This vulnerability, known as Cross-Site Scripting (XSS), occurs due to insufficient checks on user-provided data in the formula editor's arithmetic expression fields. A remote attacker could inject malicious code into these fields. When other users view these expressions, the malicious code would execute in their web browsers, potentially compromising their data or leading to unauthorized actions."},{"lang":"es","value":"Se encontró una falla en moodle. Esta vulnerabilidad, conocida como cross-site scripting (XSS), ocurre debido a comprobaciones insuficientes en los datos proporcionados por el usuario en los campos de expresión aritmética del editor de fórmulas. Un atacante remoto podría inyectar código malicioso en estos campos. Cuando otros usuarios ven estas expresiones, el código malicioso se ejecutaría en sus navegadores web, comprometiendo potencialmente sus datos o llevando a acciones no autorizadas."}],"metrics":{"cvssMetricV31":[{"source":"patrick@puiterwijk.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"patrick@puiterwijk.org","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*","versionEndExcluding":"4.1.22","matchCriteriaId":"A2DF3FD1-3A53-41D9-890B-F6DE973AB09C"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*","versionStartIncluding":"4.4.0","versionEndExcluding":"4.4.11","matchCriteriaId":"CED60CDC-8F12-481C-9ADD-8559860A2B3C"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*","versionStartIncluding":"4.5.0","versionEndExcluding":"4.5.8","matchCriteriaId":"C0CC5CF8-4808-41A5-B8A1-B0D6C575E5DC"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0.0","versionEndExcluding":"5.0.4","matchCriteriaId":"06F81442-AEEB-483D-90A9-93DDBA5B95D6"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:5.1.0:-:*:*:*:*:*:*","matchCriteriaId":"567FEE12-0E75-4F0C-B22E-E76990C80E1B"}]}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2025-67850","source":"patrick@puiterwijk.org","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2423838","source":"patrick@puiterwijk.org","tags":["Issue Tracking","Third Party Advisory"]}]}}]}