Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-fskk-cb95-uqer
Vulnerability ID VCID-fskk-cb95-uqer
Aliases CVE-2020-25628
GHSA-5x33-h32w-6vr2
Summary Cross-site Scripting The filter in the tag manager required extra sanitizing to prevent a reflected XSS risk.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3.1 6.1 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-69340
generic_textual MODERATE http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-69340
epss 0.00249 https://api.first.org/data/v1/epss?cve=CVE-2020-25628
cvssv3.1 6.1 https://github.com/moodle/moodle/commit/e8632a4ad0b4da3763cbbe5949594aa449b483bb
generic_textual MODERATE https://github.com/moodle/moodle/commit/e8632a4ad0b4da3763cbbe5949594aa449b483bb
cvssv3.1 6.1 https://moodle.org/mod/forum/discuss.php?d=410840
generic_textual MODERATE https://moodle.org/mod/forum/discuss.php?d=410840
cvssv3.1 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-25628
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2020-25628
Reference id Reference type URL
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-69340
https://api.first.org/data/v1/epss?cve=CVE-2020-25628
https://github.com/moodle/moodle/commit/e8632a4ad0b4da3763cbbe5949594aa449b483bb
https://moodle.org/mod/forum/discuss.php?d=410840
CVE-2020-25628 https://nvd.nist.gov/vuln/detail/CVE-2020-25628
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-69340
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/moodle/moodle/commit/e8632a4ad0b4da3763cbbe5949594aa449b483bb
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://moodle.org/mod/forum/discuss.php?d=410840
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2020-25628
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.48377
EPSS Score 0.00249
Published At June 4, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-04T16:20:39.213484+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2020-25628.yml 38.6.0