| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| moodle/moodle | composer | >= 4.5.0-beta, < 4.5.2 | 4.5.2 |
| moodle/moodle | composer | >= 4.4.0-beta, < 4.4.6 | 4.4.6 |
| moodle/moodle | composer | >= 4.3.0-beta, < 4.3.10 | 4.3.10 |
| moodle/moodle | composer | < 4.1.16 | 4.1.16 |

The vulnerability stems from improper sanitization in the admin live log display. The commit MDL-84145 explicitly mentions addressing this by formatting event descriptions as plain text. Moodle's `report_loglive` component handles log rendering, and the `renderer.php` file contains display logic. The high confidence comes from the direct correlation between the commit message, the component structure, and the XSS vulnerability type requiring output sanitization fixes.