VYPR

Moodle XSS Pdfannotator

by Onurcangnc

Source repositories

CVEs (1)

  • CVE-2025-60506 | Med | Oct 21, 2025
    risk 0.35 | cvss 5.4 | epss 0.00

    Moodle PDF Annotator plugin v1.5 release 9 allows stored cross-site scripting (XSS) via the Public Comments feature. An attacker with a low-privileged account (e.g., Student) can inject arbitrary JavaScript payloads into a comment. When any other user (Student, Teacher, or…