CVE-2025-67849
Unknown Unknown - Not Provided
Cross-Site Scripting in Moodle AI Prompt Causes Session Hijacking

Publication date: 2026-02-03

Last updated on: 2026-02-11

Assigner: Fedora Project

Description
A flaw was found in Moodle. This cross-site scripting (XSS) vulnerability, caused by improper sanitization of AI prompt responses, allows attackers to inject malicious HTML or script into web pages. When other users view these compromised pages, their sessions could be stolen, or the user interface could be manipulated.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-03
Last Modified
2026-02-11
Generated
2026-05-07
AI Q&A
2026-02-04
EPSS Evaluated
2026-05-05
NVD
CVE-2025-67849
EUVD
EUVD-2025-206737
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
moodle moodle From 4.5.0 (inc) to 4.5.8 (exc)
moodle moodle From 5.0.0 (inc) to 5.0.4 (exc)
moodle moodle 5.1.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


Can you explain this vulnerability to me?

This vulnerability is a cross-site scripting (XSS) flaw in Moodle caused by improper sanitization of AI prompt responses. It allows attackers to inject malicious HTML or scripts into web pages, which can then be executed when other users view those pages. [1]


How can this vulnerability impact me? :

The vulnerability can lead to session theft or manipulation of the user interface for users who view the compromised pages. This means attackers could hijack user sessions or alter what users see and interact with on Moodle. [1]


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, you should update Moodle to a version where the improper sanitization of AI prompt responses is fixed. Additionally, monitor and restrict user input that interacts with AI prompt responses to prevent injection of malicious scripts. Applying security patches from your Moodle vendor or distribution is recommended as an immediate step. [1]


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

The vulnerability allows attackers to inject malicious scripts that can steal user sessions or manipulate the user interface.

Such unauthorized access and manipulation of user data could potentially lead to violations of data protection regulations like GDPR or HIPAA, which require safeguarding personal and sensitive information.

However, the provided information does not explicitly state the impact on compliance with these standards.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart