CVE-2025-67855 | moodle up to 4.1.21/4.4.11/4.5.7/5.0.3/5.1.0 Policy Tool cross site scripting

Inserito da Angelo Barbosa | Feb 3, 2026 | CVE

A vulnerability, which was classified as problematic, was found in moodle up to 4.1.21/4.4.11/4.5.7/5.0.3/5.1.0. This impacts an unknown function of the component Policy Tool. The manipulation results in cross site scripting.

This vulnerability was named CVE-2025-67855. The attack may be performed from remote. There is no available exploit.

You should upgrade the affected component.

CVE-2025-67855 | moodle up to 4.1.21/4.4.11/4.5.7/5.0.3/5.1.0 Policy Tool cross site scripting

Post correlati

CVE-2023-50931 | Savignano SNotify up to 2.0.0 on Bitbucket Setting cross-site request forgery

CVE-2024-10131 | infiniflow ragflow up to 0.11.0 llm_app.py add_llm req[‘llm_factory’]/req[‘llm_name’] command injection

CVE-2025-1135 | ChurchCRM up to 5.13.0 sql injection (Issue 7254)

CVE-2024-51572 | Peter Shaw LH QR Codes Plugin up to 1.06 on WordPress cross site scripting