CNNVD-202510-2738 Information

CNNVD ID

CNNVD-202510-2738

Related CVE

CVE-2025-60506

• CNNVD Published: 2025-10-21

Description (Chinese)

Moodle PDF Annotator plugin是Moodle开源的一个教学插件。 Moodle PDF Annotator plugin 1.5 release 9版本存在安全漏洞，该漏洞源于公共评论功能未正确过滤输入，可能导致存储型跨站脚本攻击。

Description (English)

Moodle PDF Annotator Plugin is an open-source teaching plugin for Moodle. A security loophole exists in version 1.5 release 9 of Modele PDF Annotator Plugin, which stems from the incorrect filtering of public comments, which may result in a storage-type cross-site script attack.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Moodle

Published

2025-10-21

Last Modified

2026-02-24

References

https://github.com/onurcangnc/moodle-xss-pdfannotator https://onurcangenc.com.tr/blog/moodle-xss-pdfannotator https://onurcangenc.com.tr/posts/cve-2025-60506-stored-cross-site-scripting-xss-in-moodle-pdf-annotator-plugin-v1-5-release-9/ https://access.redhat.com/security/cve/cve-2025-60506