{"id":76226,"date":"2026-02-03T14:22:03","date_gmt":"2026-02-03T10:52:03","guid":{"rendered":"https:\/\/afaghhosting.net\/blog\/cve-2025-67850-moodle-moodle-cross-site-scripting-vulnerability-via-inadequate-input-filtering-in-formula-editor\/"},"modified":"2026-02-03T14:22:03","modified_gmt":"2026-02-03T10:52:03","slug":"cve-2025-67850-moodle-moodle-cross-site-scripting-vulnerability-via-inadequate-input-filtering-in-formula-editor","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/cve-2025-67850-moodle-moodle-cross-site-scripting-vulnerability-via-inadequate-input-filtering-in-formula-editor\/","title":{"rendered":"CVE-2025-67850 &#8211; Moodle: moodle: cross-site scripting vulnerability via inadequate input filtering in formula editor"},"content":{"rendered":"<p>CVE ID : CVE-2025-67850<\/p>\n<p>Published :  Feb. 3, 2026, 10:52 a.m. | 25\u00a0minutes ago<\/p>\n<p>Description : A flaw was found in moodle. This vulnerability, known as Cross-Site Scripting (XSS), occurs due to insufficient checks on user-provided data in the formula editor&#8217;s arithmetic expression fields. A remote attacker could inject malicious code into these fields. When other users view these expressions, the malicious code would execute in their web browsers, potentially compromising their data or leading to unauthorized actions.<\/p>\n<p>Severity: 7.3 | HIGH<\/p>\n<p>Visit the link for more details, such as CVSS details, affected products, timeline, and more&#8230;\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CVE ID : CVE-2025-67850 Published : Feb. 3, 2026, 10:52 a.m. | 25\u00a0minutes ago Description : A flaw was found in moodle. This vulnerability, known as Cross-Site Scripting (XSS), occurs due to insufficient checks on user-provided data in the formula editor&#8217;s arithmetic expression fields. A remote attacker could inject malicious code into these fields. When &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-76226","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/76226","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=76226"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/76226\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=76226"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=76226"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=76226"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}