VYPR

Moodle Genai Plugin XSS

by Onurcangnc

Source repositories

CVEs (1)

  • CVE-2025-60507HigOct 21, 2025
    risk 0.58cvss 8.9epss 0.00

    Cross site scripting vulnerability in Moodle GeniAI plugin (local_geniai) 2.3.6. An authenticated user with Teacher role can upload a PDF containing embedded JavaScript. The assistant outputs a direct HTML link to the uploaded file without sanitization. When other users…