Description
In moodle, ID numbers displayed in the web service token list required additional sanitizing to prevent a stored XSS risk.
Remediation
References
Related Vulnerabilities
Oracle JRE Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2026-22016)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-5481)
WordPress Plugin JSON API User Unspecified Vulnerability (3.9.6)
OpenSSL NULL Pointer Dereference Vulnerability (CVE-2025-69421)