Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2025-26528

The drag-and-drop onto image (ddimageortext) question type required additional sanitizing to prevent a stored XSS risk.

CVSS v3:

  • Severity: Unknown
  • Score:
  • AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N

CWEs:

OWASP TOP 10:

Software From Fixed in
moodle / moodle 4.5.0-beta 4.5.2
moodle / moodle 4.4.0-beta 4.4.6
moodle / moodle 4.3.0-beta 4.3.10
moodle / moodle - 4.1.16