Home
MEDIUM: 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NDefault status
unaffected
4.5.0 (semver) before 4.5.4
affected
4.4.0 (semver) before 4.4.8
affected
4.3.0 (semver) before 4.3.12
affected
4.1.0 (semver) before 4.1.18
affected
Description
A flaw was found in Moodle. The return URL in the policy tool required additional sanitizing to prevent a reflected Cross-site scripting (XSS) risk.
Problem types
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Product status
4.5.0 (semver) before 4.5.4
4.4.0 (semver) before 4.4.8
4.3.0 (semver) before 4.3.12
4.1.0 (semver) before 4.1.18
Timeline
| 2025-04-15: | Reported to Red Hat. |
| 2025-04-22: | Made public. |
References
access.redhat.com/security/cve/CVE-2025-3643
bugzilla.redhat.com/show_bug.cgi?id=2359742 (RHBZ#2359742)
moodle.org/mod/forum/discuss.php?d=467604