SCA: security update for moodle/moodle (GHSA-6mmv-f6c6-v6q8)

Medium. Tenable Cloud Security Plugin ID 437474

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- A flaw was found in Moodle. This cross-site scripting (XSS) vulnerability occurs due to
insufficient checks on user-provided data in the formula editor's arithmetic expression fields. A remote
attacker could inject malicious code into these fields. When other users view these expressions, the
malicious code would execute in their web browsers, potentially compromising their data or leading to
unauthorized actions. (CVE-2025-67850)

See Also

https://github.com/advisories/GHSA-6mmv-f6c6-v6q8

Plugin Details

Severity: Medium

ID: 437474

Version: Revision 1.11

Type: Local

Family: SCA Checks

Published: 2/3/2026

Updated: 6/24/2026

Supported Sensors: Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Low

Score: 2.3

Percentile: 9.42

Vendor

Vendor Severity: High

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Temporal Score: 4.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

CVSS Score Source: CVE-2025-67850

CVSS v3

Risk Factor: Medium

Base Score: 6.1

Temporal Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Patch Publication Date: 2/3/2026

Vulnerability Publication Date: 2/3/2026

Reference Information

CVE: CVE-2025-67850

CWE: CWE-79