CNNVD-202510-2725 Information

CNNVD ID

CNNVD-202510-2725

CVE-2025-60507

  • CNNVD Published: 2025-10-21

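Description (translated from Chinese)

Moodle GeniAI plugin is an open-source large language model plugin for Moodle. Moodle GeniAI plugin version 2.3.6 contains a security vulnerability that stems from failing to sanitize JavaScript embedded in PDF files, which may lead to cross-site scripting attacks.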

Description (English)

Moodle GeniAI plugin is an open-source large language model plugin for Moodle. Version 2.3.6 of the Moodle GeniAI plugin contains a security vulnerability caused by JavaScript embedded in PDF files not being sanitized, which could lead to a cross-site scripting (XSS) attack.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Moodle

Published

2025-10-21

Last Modified

2026-02-24

References

  • https://github.com/onurcangnc/moodle_genai_plugin_xss
  • https://moodle.org/plugins/local_geniai
  • https://moodle.org/security/
  • https://onurcangenc.com.tr/posts/moodle-genia%C4%B1-plugin-vulnerability-stored-reflected-xss-via-pdf-upload-and-chatbot-%C4%B1nput/
  • https://access.redhat.com/security/cve/cve-2025-60507
