CVE-2025-34032
published 2025-06-24


Priority: P1 79 · Severity: medium · CVSS 3.1 base score: 6.1
Vector: AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
Tags: ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 0.63% (45.5th percentile)
A reflected cross-site scripting (XSS) vulnerability exists in the Moodle LMS Jmol plugin version 6.1 and prior via the data parameter in jsmol.php. The application fails to properly sanitize user input before embedding it into the HTTP response, allowing an attacker to execute arbitrary JavaScript in the victim's browser by crafting a malicious link. This can be used to hijack user sessions or manipulate page content. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-02 UTC.

Affected (2 ranges)

Vendor         Product       Version range   Fixed in
geoffrowland   jmol          <= 6.1          -
moodle         jmol_plugin   <= 6.1          -

Detection & IOCs (extracted from sources)

  • Path: /jsmol.php
  • YARA (Moodle LMS Jmol Plugin): alert\(document\.domain\)\s*$
  • Monitor HTTP requests targeting jsmol.php with a 'data' parameter containing JavaScript payloads (e.g., alert, document.domain, script tags). Reflected XSS is triggered via a crafted malicious link delivered to victims.
  • Active exploitation of this vulnerability was observed in the wild by the Shadowserver Foundation on 2025-02-02 UTC. Prioritize detection and patching for internet-exposed Moodle instances running Jmol plugin ≤ 6.1.
  • Session hijacking is a likely post-exploitation objective. Monitor for anomalous session cookie usage or unexpected authenticated actions following delivery of links containing jsmol.php?data= payloads.
  • Vulnerability is limited to Jmol plugin version 6.1 and prior. Instances running a patched or newer version are not affected by this specific attack vector.
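The first detection bullet above describes monitoring HTTP requests for jsmol.php whose data parameter carries JavaScript. The following Python scanner is an added example written for this page; it is not code from the vulnerability database, from Moodle or from the Jmol plugin project. It reads Apache combined-format access-log lines (the four sample lines are constructed, and the /filter/jmol/ directory is an assumed install location; the matcher keys only on the file name jsmol.php), extracts the data parameter, undoes repeated percent-encoding so double-encoded payloads are inspected in clear, and reports requests that match the indicators the page names (script tags, alert(document.domain)) plus the usual XSS markers a defender would add.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access-log lines (Apache combined format) for this demo; not real traffic.
# "/filter/jmol/" is an assumed install directory; only the file name jsmol.php matters below.
# Line 2 carries the same payload as line 1, but percent-encoded twice.
SAMPLE_LOG = """\
203.0.113.5 - - [02/Feb/2025:10:15:01 +0000] "GET /filter/jmol/jsmol.php?data=<script>alert(document.domain)</script> HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [02/Feb/2025:10:15:03 +0000] "GET /filter/jmol/jsmol.php?data=%253Cscript%253Ealert(document.domain)%253C%252Fscript%253E HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [02/Feb/2025:10:16:11 +0000] "GET /filter/jmol/jsmol.php?data=caffeine.mol HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.7 - - [02/Feb/2025:10:16:12 +0000] "GET /course/view.php?id=3 HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
"""

# Client, timestamp, request line and status from a combined-format log entry.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Indicators of a JavaScript payload in the reflected parameter. The
# alert(document.domain) pattern mirrors the page's YARA rule without its
# end-of-input anchor, so it also fires when the payload continues afterwards.
INDICATORS = {
    "script_tag": re.compile(r"<\s*/?\s*script\b", re.I),
    "javascript_uri": re.compile(r"javascript\s*:", re.I),
    "event_handler": re.compile(r"\bon[a-z]{2,}\s*=", re.I),
    "alert_document_domain": re.compile(r"alert\(document\.domain\)", re.I),
    "document_cookie": re.compile(r"document\.cookie", re.I),
}


def decode_layers(value: str, max_rounds: int = 3) -> str:
    """Undo repeated percent-encoding so double-encoded payloads are inspected in clear."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify_payload(value: str) -> list[str]:
    """Return the names of every indicator that matches the decoded parameter value."""
    return [name for name, rx in INDICATORS.items() if rx.search(value)]


def scan_log(text: str) -> list[dict]:
    """Flag requests to jsmol.php whose 'data' parameter looks like a script payload."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format entry; skip rather than guess
        parts = urlsplit(m.group("target"))
        if parts.path.rsplit("/", 1)[-1].lower() != "jsmol.php":
            continue
        # parse_qs already removes one layer of percent-encoding.
        for raw in parse_qs(parts.query, keep_blank_values=True).get("data", []):
            payload = decode_layers(raw)
            hits = classify_payload(payload)
            if hits:
                findings.append({
                    "client": m.group("client"),
                    "time": m.group("time"),
                    "status": m.group("status"),
                    "payload": payload,
                    "indicators": hits,
                })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['time']} {f['client']} status={f['status']} "
              f"indicators={','.join(f['indicators'])} payload={f['payload']!r}")
```

The benign request for caffeine.mol on line 3 produces no finding, and the request to course/view.php is skipped before any parsing, so the rule stays narrow to the vulnerable endpoint. Because the reflected value is attacker-controlled, treat the indicator list as a starting point and pair it with the page's second recommendation: follow a hit by reviewing session activity for the same client and session cookie.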

CVSS provenance

Source      Version   Score   Severity   Vector
nvd         v3.1      6.1     MEDIUM     CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd         v4.0      5.1     MEDIUM     CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vulncheck   -         5.1     MEDIUM     -