Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-ewey-azre-s3fh

Summary

Moodle Cross-site Scripting (XSS) vulnerability
A flaw was found in Moodle. This Cross-site Scripting (XSS) vulnerability, caused by improper sanitization of AI prompt responses, allows attackers to inject malicious HTML or script into web pages. When other users view these compromised pages, their sessions could be stolen, or the user interface could be manipulated.

Aliases

alias	CVE-2025-67849

alias	GHSA-mhf6-pp52-8wqj

Fixed_packages

url	pkg:composer/moodle/moodle@4.1.22
purl	pkg:composer/moodle/moodle@4.1.22
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.22

url	pkg:composer/moodle/moodle@4.4.12
purl	pkg:composer/moodle/moodle@4.4.12
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.12

url	pkg:composer/moodle/moodle@4.5.8
purl	pkg:composer/moodle/moodle@4.5.8
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.8

url	pkg:composer/moodle/moodle@5.0.4
purl	pkg:composer/moodle/moodle@5.0.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.0.4

url	pkg:composer/moodle/moodle@5.1.1
purl	pkg:composer/moodle/moodle@5.1.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.1.1

Affected_packages

url pkg:composer/moodle/moodle@4.4.0-beta

purl pkg:composer/moodle/moodle@4.4.0-beta

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vuz-a4xt-5qd4

vulnerability	VCID-4rt1-tzwg-4kgg

vulnerability	VCID-4uwn-m5xb-8ufn

vulnerability	VCID-595g-p5gs-8fdf

vulnerability	VCID-5gaz-3z56-z7h6

vulnerability	VCID-5j8c-enhg-2kgw

vulnerability	VCID-5pak-k74c-6fda

vulnerability	VCID-5wd4-h2bh-vyh9

vulnerability	VCID-7f2q-hz7t-tkdx

vulnerability	VCID-7r7p-pcsy-ubbj

vulnerability	VCID-7xms-9t2c-vbbv

vulnerability	VCID-7z2w-xpn7-gbhm

vulnerability	VCID-9put-kp7s-ybae

vulnerability	VCID-aa5b-kczd-a7cz

vulnerability	VCID-aac8-q8g6-ebfw

vulnerability	VCID-au2d-mwnn-rkau

vulnerability	VCID-cf3k-pt7y-d3c9

vulnerability	VCID-d19b-f2vj-fqg7

vulnerability	VCID-d2nv-u78g-wfab

vulnerability	VCID-dd69-413v-qqhf

vulnerability	VCID-eutz-ecg4-b3he

vulnerability	VCID-evtb-ua7c-3fed

vulnerability	VCID-ewey-azre-s3fh

vulnerability	VCID-ftn9-k5y2-w3bs

vulnerability	VCID-fxtg-r97u-67eh

vulnerability	VCID-hatj-wvm3-rfhc

vulnerability	VCID-k45j-wnny-nfa2

vulnerability	VCID-kee8-pqk2-kfcj

vulnerability	VCID-ku6h-6thp-83fb

vulnerability	VCID-me85-hcys-6fdq

vulnerability	VCID-mqj9-khvp-2yca

vulnerability	VCID-nfjk-e6e8-p3e9

vulnerability	VCID-qh5p-6k6w-qyck

vulnerability	VCID-qjmt-cfak-nqax

vulnerability	VCID-qnbd-sejn-pfgp

vulnerability	VCID-r9jc-krzs-xqaa

vulnerability	VCID-rh68-hatq-rqbr

vulnerability	VCID-rhfu-3c2s-1qf6

vulnerability	VCID-rtyx-yt5p-sbdn

vulnerability	VCID-s1fh-tmja-6qfe

vulnerability	VCID-sjws-ab9q-3kbn

vulnerability	VCID-smgv-8j8r-1ba9

vulnerability	VCID-tnmx-z91x-a3cu

vulnerability	VCID-uh88-xnv2-vfd6

vulnerability	VCID-vgeq-urx5-mya1

vulnerability	VCID-w7x5-qn5z-r3fk

vulnerability	VCID-xxtt-z6tn-mqc5

vulnerability	VCID-yc6x-egm8-cbgv

vulnerability	VCID-z25b-g2p4-37dc

vulnerability	VCID-zstw-f2zz-gqfw

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.0-beta

url pkg:composer/moodle/moodle@4.5.0-beta

purl pkg:composer/moodle/moodle@4.5.0-beta

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2h6c-6mgm-akc2

vulnerability	VCID-4rt1-tzwg-4kgg

vulnerability	VCID-4uwn-m5xb-8ufn

vulnerability	VCID-5gaz-3z56-z7h6

vulnerability	VCID-5j8c-enhg-2kgw

vulnerability	VCID-5pak-k74c-6fda

vulnerability	VCID-5wd4-h2bh-vyh9

vulnerability	VCID-72zd-5ej9-bba2

vulnerability	VCID-7z2w-xpn7-gbhm

vulnerability	VCID-9put-kp7s-ybae

vulnerability	VCID-a6w6-penj-kuds

vulnerability	VCID-aa5b-kczd-a7cz

vulnerability	VCID-aac8-q8g6-ebfw

vulnerability	VCID-d2nv-u78g-wfab

vulnerability	VCID-dd69-413v-qqhf

vulnerability	VCID-de7j-3de2-s3ee

vulnerability	VCID-eutz-ecg4-b3he

vulnerability	VCID-evtb-ua7c-3fed

vulnerability	VCID-ewey-azre-s3fh

vulnerability	VCID-fcf4-tf5h-hfcr

vulnerability	VCID-ftn9-k5y2-w3bs

vulnerability	VCID-fxtg-r97u-67eh

vulnerability	VCID-hatj-wvm3-rfhc

vulnerability	VCID-k45j-wnny-nfa2

vulnerability	VCID-kee8-pqk2-kfcj

vulnerability	VCID-ku6h-6thp-83fb

vulnerability	VCID-n36b-c9ch-6fgr

vulnerability	VCID-qh5p-6k6w-qyck

vulnerability	VCID-qnbd-sejn-pfgp

vulnerability	VCID-rhfu-3c2s-1qf6

vulnerability	VCID-rtyx-yt5p-sbdn

vulnerability	VCID-s1fh-tmja-6qfe

vulnerability	VCID-smgv-8j8r-1ba9

vulnerability	VCID-tnmx-z91x-a3cu

vulnerability	VCID-vgeq-urx5-mya1

vulnerability	VCID-w7x5-qn5z-r3fk

vulnerability	VCID-xxtt-z6tn-mqc5

vulnerability	VCID-yc6x-egm8-cbgv

vulnerability	VCID-ysax-7hvs-mkct

vulnerability	VCID-zaff-9ezm-aba1

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.0-beta

url pkg:composer/moodle/moodle@5.0.0-beta

purl pkg:composer/moodle/moodle@5.0.0-beta

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2h6c-6mgm-akc2

vulnerability	VCID-4uwn-m5xb-8ufn

vulnerability	VCID-7z2w-xpn7-gbhm

vulnerability	VCID-a6w6-penj-kuds

vulnerability	VCID-aac8-q8g6-ebfw

vulnerability	VCID-cghw-xbkf-juh9

vulnerability	VCID-de7j-3de2-s3ee

vulnerability	VCID-eutz-ecg4-b3he

vulnerability	VCID-evtb-ua7c-3fed

vulnerability	VCID-ewey-azre-s3fh

vulnerability	VCID-fcf4-tf5h-hfcr

vulnerability	VCID-jcxv-jtyh-f7e9

vulnerability	VCID-k45j-wnny-nfa2

vulnerability	VCID-qnbd-sejn-pfgp

vulnerability	VCID-smgv-8j8r-1ba9

vulnerability	VCID-xxtt-z6tn-mqc5

vulnerability	VCID-ysax-7hvs-mkct

vulnerability	VCID-zaff-9ezm-aba1

vulnerability	VCID-zd4r-bn1p-27a5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.0.0-beta

url pkg:composer/moodle/moodle@5.1.0-beta

purl pkg:composer/moodle/moodle@5.1.0-beta

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4uwn-m5xb-8ufn

vulnerability	VCID-aac8-q8g6-ebfw

vulnerability	VCID-eutz-ecg4-b3he

vulnerability	VCID-evtb-ua7c-3fed

vulnerability	VCID-ewey-azre-s3fh

vulnerability	VCID-jcxv-jtyh-f7e9

vulnerability	VCID-k45j-wnny-nfa2

vulnerability	VCID-qnbd-sejn-pfgp

vulnerability	VCID-smgv-8j8r-1ba9

vulnerability	VCID-xxtt-z6tn-mqc5

vulnerability	VCID-zaff-9ezm-aba1

vulnerability	VCID-zd4r-bn1p-27a5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.1.0-beta

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-67849

reference_id

reference_type

scores

value	7e-05
scoring_system	epss
scoring_elements	0.0062
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-67849

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2423835

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-04T04:55:50Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2423835

reference_url

https://github.com/moodle/moodle

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle

reference_url

https://github.com/moodle/moodle/commit/a3063dcaa44dbe66e60a37cadb33bfadfe4feb03

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/a3063dcaa44dbe66e60a37cadb33bfadfe4feb03

reference_url

https://moodle.org/mod/forum/discuss.php?d=471299

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://moodle.org/mod/forum/discuss.php?d=471299

reference_url

https://access.redhat.com/security/cve/CVE-2025-67849

reference_id

CVE-2025-67849

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-04T04:55:50Z/

url

https://access.redhat.com/security/cve/CVE-2025-67849

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-67849

reference_id

CVE-2025-67849

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-67849

reference_url

https://github.com/advisories/GHSA-mhf6-pp52-8wqj

reference_id

GHSA-mhf6-pp52-8wqj

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-mhf6-pp52-8wqj

Weaknesses

cwe_id	79
name	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
description	The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

Exploits

Severity_range_score 7.0 - 8.9

Exploitability 0.5

Weighted_severity 8.0

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ewey-azre-s3fh

Vulnerability Instance