What the vulnerability does

01Description

The stored-XSS vulnerability was discovered in Moodle which exists due to insufficient sanitization of user-supplied data in several "social" user profile fields. An attacker could inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Key dates

02Disclosure timeline

November 23, 2022 CVE published
April 25, 2025 Record updated