CVE-2025-67855
Reflected XSS in Moodle Policy Tool Enables Script Injection

Publication date: 2026-02-03

Last updated on: 2026-02-11

Assigner: Fedora Project

Description
A flaw was found in Moodle. A remote attacker could exploit a reflected Cross-Site Scripting (XSS) vulnerability in the policy tool return URL. The vulnerability arises from insufficient sanitization of URL parameters, which lets an attacker inject script through a specially crafted link. Successful exploitation could lead to information disclosure or arbitrary client-side script execution in the user's browser.
Meta Information
Generated: 2026-05-27
AI Q&A: 2026-02-03
EPSS Evaluated: 2026-05-26
Affected Vendors & Products (5 associated CPEs)
Vendor   Product   Version / Range
moodle   moodle    from 4.4.0 (inclusive) to 4.4.11 (exclusive)
moodle   moodle    from 4.5.0 (inclusive) to 4.5.8 (exclusive)
moodle   moodle    from 5.0.0 (inclusive) to 5.0.4 (exclusive)
moodle   moodle    5.1.0
moodle   moodle    up to 4.1.22 (exclusive)
CWE
CWE-79: The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a reflected Cross-Site Scripting (XSS) flaw in Moodle's policy tool return URL. It occurs because the application does not properly sanitize URL parameters, allowing an attacker to craft malicious links that inject and execute scripts in the user's browser when they click the link. [1]


How can this vulnerability impact me?

Exploitation of this vulnerability can lead to information disclosure and arbitrary client-side script execution within the user's browser. This means attackers could steal sensitive information or perform actions on behalf of the user without their consent. [1]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by testing the policy tool's return URL for reflected Cross-Site Scripting (XSS) by injecting typical XSS payloads into URL parameters and observing whether they are reflected unsanitized in the response. Commands using tools like curl or wget can be used to send crafted requests with XSS payloads, for example: curl -v 'http://target/moodle/policytool?returnUrl=<script>alert(1)</script>'. Monitoring web server logs for suspicious URL parameters or using web vulnerability scanners that test for reflected XSS can also help detect this issue. [1]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include applying any available patches or updates from the vendor addressing this vulnerability. If patches are not yet available, consider implementing input validation and sanitization on URL parameters at the web application or web server level, or using a Web Application Firewall (WAF) to block malicious payloads. Additionally, educating users to avoid clicking on suspicious links and monitoring for exploitation attempts can help reduce risk. [1]
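The two answers above recommend monitoring web server logs for suspicious return-URL parameters and, where a patch cannot be applied yet, validating and sanitizing those parameters at the application or web server level. The following is an added example for this record, not Moodle's own code: it shows the vulnerable pattern (the parameter copied verbatim into HTML) beside a hardened version that first restricts the destination to a same-site path or URL and then HTML-escapes it on output, and it includes a small access-log check that flags return-URL values carrying script-like content, including double percent-encoded ones. The site host `lms.example.org`, the parameter name `returnurl`, the `/policytool` path and the log lines are constructed placeholders, not values taken from the advisory.

```python
"""Defensive handling of a 'returnurl'-style parameter, plus an access-log check.

Added example for this CVE record; it is NOT Moodle's code. The host name,
parameter name, request paths and log lines below are constructed placeholders.
"""
import html
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

SITE_HOST = "lms.example.org"     # assumed site host (constructed)
RETURN_PARAMS = ("returnurl",)    # assumed parameter name (constructed)


def is_safe_return_url(value: str, site_host: str = SITE_HOST) -> bool:
    """Accept only a site-relative absolute path or an http(s) URL on our own host."""
    if not value or len(value) > 2048:
        return False
    # CR/LF/NUL are never legitimate here; backslashes are treated as slashes by
    # some browsers, so a value like '/\\evil.example' could leave the site.
    if re.search(r"[\r\n\x00\\]", value):
        return False
    try:
        parts = urlsplit(value)
    except ValueError:
        return False
    if parts.scheme:
        # Rejects javascript:, data:, vbscript: and any foreign host, including
        # 'http://lms.example.org@evil.example/' (hostname is evil.example).
        if parts.scheme not in ("http", "https"):
            return False
        return (parts.hostname or "").lower() == site_host.lower()
    # No scheme: must not be protocol-relative ('//evil.example/') and must be
    # an absolute path on this site.
    return parts.netloc == "" and value.startswith("/")


def render_continue_link_unsafe(raw_return_url: str) -> str:
    """The vulnerable pattern: the parameter is copied into HTML verbatim."""
    return '<a href="%s">Continue</a>' % raw_return_url


def render_continue_link(raw_return_url: str, fallback: str = "/") -> str:
    """Hardened: validate the destination first, then HTML-escape it on output."""
    target = raw_return_url if is_safe_return_url(raw_return_url) else fallback
    return '<a href="%s">Continue</a>' % html.escape(target, quote=True)


# Common access-log shape: client ip, ident, user, [timestamp], "METHOD target HTTP/x".
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) HTTP/')
# Script-injection markers, checked after the value has been percent-decoded twice.
XSS_MARKERS = re.compile(r"<\s*/?\s*script\b|javascript\s*:|\bon\w+\s*=", re.I)


def flag_suspicious_requests(log_lines, param_names=RETURN_PARAMS):
    """Return (client_ip, param_name, decoded_value) for every request whose
    return-URL parameter carries script-like content."""
    wanted = {p.lower() for p in param_names}
    findings = []
    for line in log_lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        client_ip, target = m.groups()
        query = urlsplit(target).query
        # parse_qs decodes one layer of percent-encoding; unquote_plus below
        # strips a second layer so double-encoded payloads are not missed.
        for name, values in parse_qs(query, keep_blank_values=True).items():
            if name.lower() not in wanted:
                continue
            for raw in values:
                decoded = unquote_plus(raw)
                if XSS_MARKERS.search(decoded):
                    findings.append((client_ip, name, decoded))
    return findings


SAMPLE_LOG = [  # constructed access-log lines; not real traffic
    '203.0.113.5 - - [03/Feb/2026:10:00:01 +0000] "GET /policytool?returnurl=%2Fmy%2F HTTP/1.1" 200 512',
    '203.0.113.9 - - [03/Feb/2026:10:00:07 +0000] "GET /policytool?returnUrl=%22%3E%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 640',
    '198.51.100.7 - - [03/Feb/2026:10:00:09 +0000] "GET /policytool?returnurl=%253Cscript%253Ealert(1)%253C%252Fscript%253E HTTP/1.1" 200 640',
    '203.0.113.5 - - [03/Feb/2026:10:00:12 +0000] "GET /policytool?returnurl=https%3A%2F%2Flms.example.org%2Fcourse HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    probe = '"><script>alert(1)</script>'
    print("unsafe  :", render_continue_link_unsafe(probe))
    print("hardened:", render_continue_link(probe))
    for ip, name, value in flag_suspicious_requests(SAMPLE_LOG):
        print("suspicious %s=%r from %s" % (name, value, ip))
```

The hardened renderer applies two independent controls: the allowlist check keeps the parameter from becoming an open redirect or a `javascript:` URL, and the output escaping keeps any remaining value from breaking out of the attribute. The log check is a triage aid for the monitoring step, not a substitute for patching; a request that is flagged only shows that someone sent a probe, not that it was reflected.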


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The vulnerability allows for reflected Cross-Site Scripting (XSS) attacks that can lead to information disclosure and arbitrary client-side script execution. Such risks can potentially impact compliance with standards like GDPR and HIPAA, which require protection of personal and sensitive data from unauthorized access or disclosure.

However, the provided information does not explicitly describe the direct effects of this vulnerability on compliance with these regulations or any specific compliance implications.

