CVSS Score

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| october/october | composer | <= 1.0.412 | 1.0.413 |
The vulnerability stems from improper sanitization of the brand logo image name during upload or configuration. The patch in v1.0.413 (visible in the referenced diff) likely added HTML escaping or validation to this settings handler. The backend Index controller directly manages brand settings, which makes its handler method the logical point at which the unsanitized value enters. The CVE specifically describes stored XSS via the brand logo name, which matches this function's responsibility for handling and persisting that exact parameter.
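An added illustration of the weakness described above, not code from October CMS or from the referenced patch; the function names, storage path and validation rule are assumptions chosen for the example:

```php
<?php
// Hypothetical brand-settings handler: a user-supplied logo file name is
// persisted at save time and later rendered into the backend page.

// Vulnerable pattern: the stored name is concatenated into HTML verbatim,
// so a name containing a quote or angle bracket breaks out of the attribute.
function renderLogoUnsafe(string $logoName): string {
    return '<img src="/storage/brand/' . $logoName . '" alt="Brand logo">';
}

// Hardened pattern, two independent layers:
// 1. validate on save: accept only a plain raster image file name;
// 2. escape on output: HTML-encode whatever was stored.
function validateLogoName(string $logoName): bool {
    // letters, digits, dot, dash, underscore; no path separators, no markup
    return (bool) preg_match('/^[A-Za-z0-9_-]+\.(png|jpe?g|gif)$/i', $logoName);
}

function renderLogoSafe(string $logoName): string {
    if (!validateLogoName($logoName)) {
        throw new InvalidArgumentException('Rejected logo name');
    }
    $encoded = htmlspecialchars($logoName, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<img src="/storage/brand/' . $encoded . '" alt="Brand logo">';
}

// Constructed sample inputs (not taken from the advisory).
$benign    = 'company-logo.png';
$malformed = 'logo.png"><b>x</b>';   // attribute breakout plus injected tag

echo renderLogoUnsafe($malformed), PHP_EOL;   // markup reaches the page intact
echo renderLogoSafe($benign), PHP_EOL;        // clean name, quotes encoded on output
var_dump(validateLogoName($malformed));       // bool(false): rejected before persistence
```

The validation layer is what stops the tainted name from ever being stored; the output encoding is defence in depth for values that were saved before the fix.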