CVE-2025-34032 – Moodle LMS Jmol Reflected Cross-Site Scripting Vulnerability

June 23, 2025

CVE ID : CVE-2025-34032

Published : June 24, 2025, 1:15 a.m. | 46 minutes ago

Description : A reflected cross-site scripting (XSS) vulnerability exists in the Moodle LMS Jmol plugin version 6.1 and prior via the data parameter in jsmol.php. The application fails to properly sanitize user input before embedding it into the HTTP response, allowing an attacker to execute arbitrary JavaScript in the victim’s browser by crafting a malicious link. This can be used to hijack user sessions or manipulate page content.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-34033 – Blue Angel Software Suite OS Command Injection Vulnerability

Next Article CVE-2025-34031 – Moodle LMS Jmol Plugin Path Traversal Vulnerability

Highlights

CVE-2025-32022 – Finit Urandom Heap Buffer Overwrite Vulnerability

May 6, 2025

CVE ID : CVE-2025-32022

Published : May 6, 2025, 5:16 p.m. | 2 hours, 19 minutes ago

Description : Finit provides fast init for Linux systems. Finit’s urandom plugin has a heap buffer overwrite vulnerability at boot which leads to it overwriting other parts of the heap, possibly causing random instabilities and undefined behavior. The urandom plugin is enabled by default, so this bug affects everyone using Finit 4.2 or later that do not explicitly disable the plugin at build time. This bug is fixed in Finit 4.12. Those who cannot upgrade or backport the fix to urandom.c are strongly recommended to disable the plugin in the call to the `configure` script.

Severity: 4.6 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Coded Smorgasbord: High Strung

Chainguard launches trusted collection of verified JavaScript libraries

CData launches Connect AI to provide agents access to enterprise data sources

PostgreSQL 18 adds asynchronous I/O to improve performance

Distribution Release: Neptune 9.0

Distribution Release: Kali Linux 2025.3

Distribution Release: SysLinuxOS 13

Development Release: MX Linux 25 Beta 1

PHP 8.5.0 RC 1 available for testing

PHP 8.5.0 RC 1 available for testing

Terraform Code Generator Using Ollama and CodeGemma

Beyond Denial: How AI Concierge Services Can Transform Healthcare from Reactive to Proactive

Distribution Release: Neptune 9.0

Distribution Release: Neptune 9.0

FOSS Weekly #25.39: Kill Switch Phones, LMDE 7, Zorin OS 18 Beta, Polybar, Apt History and More Linux Stuff

Distribution Release: Kali Linux 2025.3

CVE-2025-34032 – Moodle LMS Jmol Reflected Cross-Site Scripting Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

CVE-2025-34121 – Idera Up.Time PHP File Upload RCE

Learn REST API Principles by Building an Express App

Why NHIs Are Security’s Most Dangerous Blind Spot

CVE-2025-9430 – Mtons Mblog Cross-Site Scripting Vulnerability

CVE-2025-32022 – Finit Urandom Heap Buffer Overwrite Vulnerability

Have a damaged painting? Restore it in just hours with an AI-generated “mask”

CISA Warns Critical Flaws in KUNBUS Revolution Pi Exposing Industrial Systems to Remote Attacks

Symantec: Windows-lek voor uitkomen patch gebruikt bij malware-aanval

CVE-2025-34032 – Moodle LMS Jmol Reflected Cross-Site Scripting Vulnerability

Related Posts