The vulnerability stems from the unescaped use of `params.route_params.path` in the DOM manipulation code within the Sammy route handler. The patch explicitly adds `.esc()` to escape this input, confirming that the lack of proper escaping was the root cause. The code injected the URL parameter directly into the page without sanitization, enabling XSS payload execution.

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.apache.solr:solr | maven | < 5.3 | 5.3 |
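
The root cause described above, as an added example (not Solr's code and not the actual patch): a route parameter concatenated into markup unescaped, next to the same markup with the parameter escaped first. The function names, the `escapeHtml` helper standing in for `.esc()`, the wrapper `<span>` and the sample value are all assumptions made for illustration.

```javascript
// Added example: every name below is hypothetical, not Solr admin UI code.

// Escape the five characters that are significant in HTML text and in
// quoted attribute values.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// "Before": the route parameter is concatenated into markup as-is, so any
// markup it carries becomes part of the page.
function renderUnescaped(params) {
  return '<span class="path">' + params.route_params.path + '</span>';
}

// "After": the same markup with the parameter escaped before insertion.
function renderEscaped(params) {
  return '<span class="path">' + escapeHtml(params.route_params.path) + '</span>';
}

// Count element start tags in a fragment. The wrapper <span> accounts for
// one; anything beyond that came from the parameter.
function countStartTags(html) {
  return (html.match(/<[a-zA-Z][^>]*>/g) || []).length;
}

// Constructed sample: a route parameter whose value carries markup.
const sample = { route_params: { path: '/configs/<img src=x onerror=alert(1)>' } };

console.log(countStartTags(renderUnescaped(sample)), renderUnescaped(sample));
console.log(countStartTags(renderEscaped(sample)), renderEscaped(sample));
```

A regression test for a fix of this kind can assert on the rendered string in the same way: the parameter's `<` and `>` must appear only as `&lt;` and `&gt;`.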