Moodle Genai Plugin Xss
Sign in to watchby Onurcangnc
Source repositories
CVEs (1)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-60507 | Hig | 0.58 | 8.9 | 0.00 | Oct 21, 2025 | Cross site scripting vulnerability in Moodle GeniAI plugin (local_geniai) 2.3.6. An authenticated user with Teacher role can upload a PDF containing embedded JavaScript. The assistant outputs a direct HTML link to the uploaded file without sanitization. When other users (including Students or Administrators) click the link, the payload executes in their browser. |