-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| ezsystems/ezpublish-legacy | composer | >= 5.4.0, < 5.4.10 | 5.4.10 |
| ezsystems/ezpublish-legacy | composer | >= 5.3.0, < 5.3.12.1 | 5.3.12.1 |
Miggo AIRoot Cause AnalysisThe commit diff shows critical changes where HTTP parameters were cast to integers or validated with is_numeric(). This indicates these parameters were previously vulnerable to XSS via unvalidated string input. The $http->variable() method retrieves user-controlled values, and lack of sanitization before output in the search module made them XSS vectors. The patch adds type casting/validation, confirming these were the vulnerable points.
A Semantic Attack on Google Gemini - Read the Latest Research