Description

Moodle exposed the names of hidden groups to users who had permission to create calendar events but not to view hidden groups. This could reveal private or restricted group information.

Remediation

References

CVE-2025-62400

Related Vulnerabilities

WordPress Plugin WP Support Plus Responsive Ticket System Cross-Site Scripting (9.1.1)

Apache Tomcat Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2005-4838)

Magento Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-3458)

Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-3057)

WordPress Plugin Image Gallery with Slideshow 'upload-file.php' Arbitrary File Upload (1.5)

Severity

Medium

Classification

CVE-2025-62400 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities