-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIA Semantic Attack on Google Gemini - Read the Latest Research
A Semantic Attack on Google Gemini - Read the Latest Research
Miggo AI
Miggo AIRoot Cause AnalysisThe commit MDL-82896 specifically mentions cleaning drop zone label text in qtype_ddimageortext. Moodle's question type architecture typically handles input validation in edit forms (edit_*_form.php) and output rendering in question.php. The vulnerability required improper neutralization of input during web page generation (CWE-79), pointing to form processing and rendering functions as the likely culprits. The high confidence for the edit_form function comes from direct commit references to label handling improvements, while medium confidence for rendering functions comes from typical XSS patterns in output handling.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| moodle/moodle | composer | >= 4.5.0-beta, < 4.5.2 | 4.5.2 |
| moodle/moodle | composer | >= 4.4.0-beta, < 4.4.6 | 4.4.6 |
| moodle/moodle | composer | >= 4.3.0-beta, < 4.3.10 | 4.3.10 |
| moodle/moodle | composer | < 4.1.16 | 4.1.16 |