Moodle Reflected Cross-Site Scripting Vulnerability

Vulnerability

A reflected cross-site scripting vulnerability has been identified in Moodle's policy tool return URL. This issue allows remote attackers to inject malicious scripts by exploiting insufficient sanitization of URL parameters. Successful exploitation could result in information disclosure or the execution of arbitrary client-side scripts in the user's browser.

Impact

Exploitation of this vulnerability could lead to the execution of malicious scripts in the context of the user's browser, potentially allowing attackers to access sensitive information such as cookies or session data. In some cases, this could be combined with other vulnerabilities to execute arbitrary code on the victim's computer.

Added: Feb 3, 2026, 11:20 AM
Updated: Feb 3, 2026, 5:29 PM

Vulnerability Rating

Custom Algorithm

spread: 5.0
impact: 1.0
exploitability: 6.2
remediation: 0.0
relevance: 2.6
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.