-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIA Semantic Attack on Google Gemini - Read the Latest Research
A Semantic Attack on Google Gemini - Read the Latest Research
Miggo AI
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| dolibarr/dolibarr | composer | >= 3.5.0, < 3.5.8 | 3.5.8 |
Miggo AIRoot Cause AnalysisThe vulnerability stems from unsanitized use of the 'search_nom' parameter in two PHP files. The commit a7f6bbd shows the fix added htmlspecialchars() escaping for parameters in URL construction and form inputs. Before this fix, the raw user input from $_GET/$_POST was directly embedded in HTML outputs like search forms and URL parameters, making the main request handling logic in both societe.php and admin/societe.php vulnerable to reflected XSS through the Business Search field.