AI description
CVE-2025-26529 is a stored Cross-Site Scripting (XSS) vulnerability found in Moodle's site administration live log functionality. The vulnerability exists because description information displayed in the site administration live log was not properly sanitized. This flaw affects Moodle versions 4.5 to 4.5.1, 4.4 to 4.4.5, 4.3 to 4.3.9, 4.1 to 4.1.15, and earlier unsupported versions. Successful exploitation of this vulnerability could allow attackers to inject malicious scripts that would be executed in the context of other users' browsers when they view the affected live log section in the site administration area. To remediate this vulnerability, users are advised to upgrade to the patched versions: Moodle 4.5.2, 4.4.6, 4.3.10, and 4.1.16. The fix involves implementing proper sanitization for event descriptions in the live log functionality.
- Description
- Description information displayed in the site administration live log required additional sanitizing to prevent a stored XSS risk.
- Source
- patrick@puiterwijk.org
- NVD status
- Analyzed
- Products
- moodle
CVSS 3.1
- Type
- Primary
- Base score
- 6.1
- Impact score
- 2.7
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
- patrick@puiterwijk.org
- CWE-79
- Hype score
- Not currently trending
🚨CVE-2025-26529: Moodle XSS to RCE Exploit Description information displayed in the site administration live log required additional sanitizing to prevent a stored XSS risk. https://t.co/oWD0mOVHOH
@DarkWebInformer
2 Jan 2026
14722 Impressions
35 Retweets
284 Likes
135 Bookmarks
5 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2025-3776 2 - CVE-2025-31125 3 - CVE-2025-31161 4 - CVE-2018-17144 5 - CVE-2025-26529 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
5 May 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2025-3776 2 - CVE-2024-26809 3 - CVE-2025-46337 4 - CVE-2025-26529 5 - CVE-2025-32433 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
4 May 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
"PoC for CVE-2025-26529: Moodle XSS to RCE Exploit" Credit: https://t.co/fCGtS6Uzqq https://t.co/Nw5oUdiDSn
@DarkWebInformer
2 May 2025
14640 Impressions
44 Retweets
226 Likes
162 Bookmarks
2 Replies
0 Quotes
CVE-2025-26529 Description information displayed in the site administration live log required additional sanitizing to prevent a stored XSS risk. https://t.co/qTjErE7N8w
@CVEnew
24 Feb 2025
383 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
[CVE-2025-26529: HIGH] Description information displayed in the site administration live log required additional sanitizing to prevent a stored XSS risk.#cybersecurity,#vulnerability https://t.co/0Gq1sG4pS8 https://t.co/4i52bSs3ut
@CveFindCom
24 Feb 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Admin #Account Takeover in Moodle! [#CVE-2025-26529] https://t.co/1ifN7Qdiu2
@UndercodeUpdate
23 Feb 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ABE6D6ED-55D3-46B4-84DC-7C3684E3260E",
"versionEndExcluding": "4.1.16",
"versionStartIncluding": "4.1.0"
},
{
"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3DF83192-5999-4E1B-B109-A1B0F68437B2",
"versionEndExcluding": "4.3.10",
"versionStartIncluding": "4.3.0"
},
{
"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B91CC5BB-FFB9-4D09-9001-105A8B68208E",
"versionEndExcluding": "4.4.6",
"versionStartIncluding": "4.4.0"
},
{
"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "830F7FD6-3257-44A2-9599-2C5C2FF2BA20",
"versionEndExcluding": "4.5.2",
"versionStartIncluding": "4.5.0"
}
],
"operator": "OR"
}
]
}
]