CVE-2025-34032 – Moodle LMS Jmol Reflected Cross-Site Scripting Vulnerability

June 23, 2025

CVE ID : CVE-2025-34032

Published : June 24, 2025, 1:15 a.m. | 46 minutes ago

Description : A reflected cross-site scripting (XSS) vulnerability exists in the Moodle LMS Jmol plugin version 6.1 and prior via the data parameter in jsmol.php. The application fails to properly sanitize user input before embedding it into the HTTP response, allowing an attacker to execute arbitrary JavaScript in the victim’s browser by crafting a malicious link. This can be used to hijack user sessions or manipulate page content.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-34033 – Blue Angel Software Suite OS Command Injection Vulnerability

Next Article CVE-2025-34031 – Moodle LMS Jmol Plugin Path Traversal Vulnerability

Highlights

CVE-2025-6100 – Realguoshuai Open-Video-CMS SQL Injection Vulnerability

June 16, 2025

CVE ID : CVE-2025-6100

Published : June 16, 2025, 2:15 a.m. | 4 hours, 3 minutes ago

Description : A vulnerability was found in realguoshuai open-video-cms 1.0. It has been rated as critical. This issue affects some unknown processing of the file /v1/video/list. The manipulation of the argument sort leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Agent Mode for Gemini added to Android Studio

Google’s Agent2Agent protocol finds new home at the Linux Foundation

Decoding The SVG path Element: Curve And Arc Commands

This week in AI dev tools: Gemini 2.5 Pro and Flash GA, GitHub Copilot Spaces, and more (June 20, 2025)

Microsoft is reportedly planning yet more major cuts at Xbox — as early as next week

Microsoft makes Windows 10 security updates FREE for an extra year — but there’s a catch, and you might not like it

“Deus Ex” just turned 25 years old and it’s still the best PC game of all time — you only need $2 to play it on practically anything

Where to buy a Meta Quest 3S Xbox Edition — and why it’s a better bargain than the “normal” Meta Quest 3S

Vite 7.0 Is Out

Vite 7.0 Is Out

Exploring JavaScript ES2025 Edition

Mastering Mixed DML Operations in Apex

Microsoft is reportedly planning yet more major cuts at Xbox — as early as next week

Microsoft is reportedly planning yet more major cuts at Xbox — as early as next week

Microsoft makes Windows 10 security updates FREE for an extra year — but there’s a catch, and you might not like it

“Deus Ex” just turned 25 years old and it’s still the best PC game of all time — you only need $2 to play it on practically anything

CVE-2025-34032 – Moodle LMS Jmol Reflected Cross-Site Scripting Vulnerability

Rogue WordPress Plugin Unmasked: Stealthy Malware Skims Credit Cards & Steals Credentials

Urgent Advantech Alert: Critical Flaws (CVSS 9.6) Expose Industrial Automation to Remote Takeover, PoC Releases

Over 70 Organizations Across Multiple Sectors Targeted by China-Linked Cyber Espionage Group

Inside GitHub: How we hardened our SAML implementation

The Serverless Architecture Handbook: How to Publish a Node Js Docker Image to AWS ECR and Deploy the Container to AWS Lambda

WhatsApp privacy is ‘broken,’ reveals proof-of-concept hack

CVE-2025-6100 – Realguoshuai Open-Video-CMS SQL Injection Vulnerability

CVE-2025-4114 – Netgear JWNR2000 Buffer Overflow Vulnerability

Quality begins with planning: Building software with the right mindset

Bridewell Uncovers ‘Operation Deceptive Prospect’ Targeting UK Organizations via Feedback Portals

CVE-2025-34032 – Moodle LMS Jmol Reflected Cross-Site Scripting Vulnerability

Related Posts