Moodle Jmol Plugin vulnerabilities
2 known vulnerabilities affecting moodle/jmol_plugin.
Total CVEs: 2
CISA KEV: 0
Public exploits: 2
Exploited in wild: 2
Severity breakdown: HIGH 1, MEDIUM 1
Vulnerabilities
CVE-2025-34031 | P1 | HIGH | CVSS 7.5 | CWE-22 | Exploited | PoC | ≤ 6.1 | 2025-06-24
A path traversal vulnerability exists in the Moodle LMS Jmol plugin version 6.1 and prior via the query parameter in jsmol.php. The script directly passes user input to the file_get_contents() function without proper validation, allowing attackers to read arbitrary files from the server's filesystem by crafting a malicious query value. This vulnerabili
nvd
CVE-2025-34032 | P1 | MEDIUM | CVSS 6.1 | CWE-79 | Exploited | PoC | ≤ 6.1 | 2025-06-24
A reflected cross-site scripting (XSS) vulnerability exists in the Moodle LMS Jmol plugin version 6.1 and prior via the data parameter in jsmol.php. The application fails to properly sanitize user input before embedding it into the HTTP response, allowing an attacker to execute arbitrary JavaScript in the victim's browser by crafting a malicious link
nvd