CVE-2025-34032
Published 2025-06-24
Priority: P1 · 79 · medium · 6.1 CVSS 3.1
AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 0.63% (45.5th percentile)
A reflected cross-site scripting (XSS) vulnerability exists in the Moodle LMS Jmol plugin version 6.1 and prior via the data parameter in jsmol.php. The application fails to properly sanitize user input before embedding it into the HTTP response, allowing an attacker to execute arbitrary JavaScript in the victim's browser by crafting a malicious link. This can be used to hijack user sessions or manipulate page content. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-02 UTC.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| geoffrowland | jmol | <= 6.1 | — |
| moodle | jmol_plugin | <= 6.1 | — |
Detection & IOCs
yara
Moodle LMS Jmol Plugin alert\(document\.domain\)\s*$
- Monitor HTTP requests targeting jsmol.php with a 'data' parameter containing JavaScript payloads (e.g., alert, document.domain, script tags). Reflected XSS is triggered via a crafted malicious link delivered to victims.
- Active exploitation of this vulnerability was observed in the wild by the Shadowserver Foundation on 2025-02-02 UTC. Prioritize detection and patching for internet-exposed Moodle instances running Jmol plugin ≤ 6.1.
- Session hijacking is a likely post-exploitation objective. Monitor for anomalous session cookie usage or unexpected authenticated actions following delivery of links containing jsmol.php?data= payloads.
- Vulnerability is limited to Jmol plugin version 6.1 and prior. Instances running a patched or newer version are not affected by this specific attack vector.
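One way to implement the request monitoring from the first bullet over web server access logs, as an added example that is not from the original page or its sources. The combined log format, the `/PLACEHOLDER/` path prefix and the sample lines are assumptions constructed for illustration; the markers are the ones the bullet names.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request field of a combined-format access log line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Markers named in the guidance above: script tags, alert, document.domain.
SUSPICIOUS_RE = re.compile(r"<\s*script|alert\s*\(|document\.domain", re.IGNORECASE)


def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding so double-encoded input is still inspected."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_jsmol_requests(log_lines):
    """Return (line_number, decoded data value) for flagged jsmol.php requests."""
    hits = []
    for lineno, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        # Only the endpoint named in the advisory is in scope.
        if not target.path.lower().endswith("/jsmol.php"):
            continue
        # parse_qs decodes once; fully_decode handles further encoding layers.
        for raw in parse_qs(target.query, keep_blank_values=True).get("data", []):
            value = fully_decode(raw)
            if SUSPICIOUS_RE.search(value):
                hits.append((lineno, value))
    return hits


# Constructed sample log lines (documentation IP ranges, placeholder path).
SAMPLE_LOG = [
    '198.51.100.7 - - [02/Feb/2025:10:00:01 +0000] "GET /PLACEHOLDER/jsmol.php?data=benign-model-data HTTP/1.1" 200 512',
    '203.0.113.9 - - [02/Feb/2025:10:00:05 +0000] "GET /PLACEHOLDER/jsmol.php?data=%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E HTTP/1.1" 200 640',
    '203.0.113.9 - - [02/Feb/2025:10:00:09 +0000] "GET /PLACEHOLDER/jsmol.php?data=%253Cscript%253Ealert%2528document.domain%2529%253C%252Fscript%253E HTTP/1.1" 200 640',
    '192.0.2.44 - - [02/Feb/2025:10:00:12 +0000] "GET /index.php?data=%3Cscript%3E HTTP/1.1" 404 128',
]

if __name__ == "__main__":
    for lineno, value in suspicious_jsmol_requests(SAMPLE_LOG):
        print(f"line {lineno}: suspicious data parameter: {value!r}")
```

Access logs record only the query string, so a `data` value sent in a POST body is not visible to this check and needs inspection at a WAF or reverse proxy.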
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v4.0 | 5.1 | MEDIUM | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| vulncheck | | 5.1 | MEDIUM | |
GHSA
GHSA-pj56-mpf8-xh3c: A reflected cross-site scripting (XSS) vulnerability exists in the Moodle LMS Jmol plugin version 6
ghsa_unreviewed·2025-06-26
CVE-2025-34032 [MEDIUM] CWE-20 GHSA-pj56-mpf8-xh3c: A reflected cross-site scripting (XSS) vulnerability exists in the Moodle LMS Jmol plugin version 6
VulnCheck
geoffrowland jmol Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
vulncheck·2025·CVSS 5.1
CVE-2025-34032 [MEDIUM] geoffrowland jmol Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Affected: Moodle LMS Jmol Plugin
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Nuclei
Moodle LMS Jmol Plugin <= 6.1 - Cross-Site Scripting
nuclei·CVSS 5.1
CVE-2025-34032 [MEDIUM] Moodle LMS Jmol Plugin <= 6.1 - Cross-Site Scripting
Moodle LMS Jmol Plugin alert\(document\.domain\)\s*$'