CVE-2021-25006

CVE-2021-25006: MOLIE <= 0.5 - Reflected Cross-Site Scripting

Vendor Unknown
Product MOLIE – Instructure Canvas Linking tool
Weakness CWE-79 · XSS
Published March 14, 2022
Last update August 3, 2024
View on NVD All CVEs

CVSS base score

What the vulnerability does

01Description

The MOLIE WordPress plugin through 0.5 does not escape the course_id parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting issue

Key dates

02Disclosure timeline

March 14, 2022 CVE published
August 3, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-37556 WordPress WordPress Notification Bar plugin <= 1.3.10 - Cross Site Scripting (XSS) vulnerability CVE-2023-35153 XWiki Platform vulnerable to stored cross-site scripting in ClassEditSheet page via name parameters CVE-2022-1326 Form - Contact Form <= 1.2.0 - Admin+ Stored Cross-Site Scripting CVE-2025-12484 Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers <= 1.12.19 - Unauthenticated Stored Cross-Site Scripting CVE-2025-8346 Portabilis i-Educar educar_aluno_lst.php cross site scripting