CVE-2025-26528 — The drag-and-drop onto image (ddimageortext) question type required additional s... | CVE Daily

Low CVSS 3.4

Overview

The drag-and-drop onto image (ddimageortext) question type required additional sanitizing to prevent a stored XSS risk.

CWE: CWE-79 Published: 2025-02-24T20:15:33.543

Risk analysis

This vulnerability is rated 🟢 LOW.

CVSS: 3.4 (LOW)
Detected tags: stored_xss, xss (tag impact: MODERATE)

Recommended actions:

Sanitize stored input and enforce CSP.
Apply context-aware output encoding.
Enable Content-Security-Policy and HttpOnly/SameSite cookies.

Recommended tools

Tags