CVSS Score

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| silverstripe/framework | composer | >= 2.3, < 2.3.13 | 2.3.13 |
| silverstripe/framework | composer | >= 2.4, < 2.4.7 | 2.4.7 |
The vulnerability stems from template helper methods returning unescaped HTML/XML content. The GitHub patch shows these methods had their return type casting modified to enforce proper escaping (e.g., casting to HTMLText or Text). The 18 listed methods in the CVE description were missing output encoding in vulnerable versions, as evidenced by the $casting array modifications in HTMLText.php, Text.php, and Varchar.php. High confidence comes from the direct correlation between the patched casting declarations and the CVE's listed vulnerable methods.
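As an added illustration, not code from the SilverStripe project or from the patch: a minimal PHP model of the $casting lookup described above. The class, the helper name and the rendering routine are hypothetical stand-ins; the point shown is that a helper absent from $casting reaches the page unescaped, while one declared as Text is escaped on output.

```php
<?php
// Added example (not SilverStripe code): simplified model of how a $casting
// declaration decides whether a template helper's return value is escaped.

// Stand-ins for the framework's field types; only forTemplate() matters here.
abstract class CastField
{
    protected $value;
    public function __construct($value) { $this->value = $value; }
    abstract public function forTemplate();
}

// Text: escaped on output, so markup contained in the value is rendered inert.
class Text extends CastField
{
    public function forTemplate()
    {
        return htmlspecialchars($this->value, ENT_QUOTES, 'UTF-8');
    }
}

// HTMLText: emitted verbatim; only appropriate when the value is trusted HTML.
class HTMLText extends CastField
{
    public function forTemplate() { return $this->value; }
}

class TemplateModel
{
    // Vulnerable shape: the helper is not listed, so its raw string is printed.
    public static $castingVulnerable = array();
    // Patched shape: the helper is declared as Text, so output is escaped.
    public static $castingPatched = array('FirstParagraphExample' => 'Text');

    private $raw;
    public function __construct($raw) { $this->raw = $raw; }

    // Hypothetical helper standing in for one of the affected methods.
    public function FirstParagraphExample()
    {
        return strtok($this->raw, "\n");
    }

    // Model of template rendering: look the helper up in the casting map.
    public function render($helper, array $casting)
    {
        $value = $this->$helper();
        if (!isset($casting[$helper])) {
            return $value;                    // no cast: unescaped string
        }
        $cls = $casting[$helper];
        return (new $cls($value))->forTemplate();
    }
}

// Constructed untrusted input, e.g. user-supplied content stored in a field.
$m = new TemplateModel("<script>alert(1)</script>\nsecond paragraph");
echo $m->render('FirstParagraphExample', TemplateModel::$castingVulnerable), "\n";
echo $m->render('FirstParagraphExample', TemplateModel::$castingPatched), "\n";
```

The first line printed carries the markup through untouched; the second shows it entity-encoded, which is the behaviour the patched $casting entries in HTMLText.php, Text.php and Varchar.php are meant to restore.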