-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability stems from insufficient sanitization when loading stored equations into the editor interface. Based on: 1) The equation editor context requiring additional sanitization 2) XSS occurring when editing another user's content 3) Typical Moodle architecture where Atto editor plugins handle content rendering. The high-confidence function handles raw equation retrieval, while the medium-confidence function handles display rendering. Both would need proper context-specific escaping (HTML/js) that was missing in vulnerable versions.
PHPPHP| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| moodle/moodle | composer | >= 4.3.0, < 4.3.4 | 4.3.4 |
| moodle/moodle | composer | >= 4.2.0, < 4.2.7 | 4.2.7 |
| moodle/moodle | composer |
| < 4.1.10 |
| 4.1.10 |
Ongoing coverage of React2Shell