| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| dolibarr/dolibarr | composer | < 7.0.0 | 7.0.0 |
The vulnerability manifests in the product details page (product/card.php), where user-supplied input (the product label) is stored without proper sanitization. The provided payload uses attribute obfuscation to bypass XSS detection mechanisms. Because the advisory explicitly references the product/card.php URL and stored XSS behaviour, the form-processing logic in this file is the most likely culprit: either the stored label is rendered without output escaping, or input is not validated during submission (e.g. GETPOST is called without strict sanitization flags). Confidence is high because the described attack vector maps directly onto product/card.php's responsibility for handling product data updates.
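As an added example (not Dolibarr's code and not the advisory's payload), the following stand-alone PHP models the two weaknesses named above: a product label read from the request without a sanitization check and then rendered into HTML as-is, placed next to the hardened input and output paths. The function names (read_param, render_label_unsafe, render_label_safe, label_contains_markup) and the sample label are constructed for illustration; Dolibarr's real GETPOST takes a check type as its second argument, which read_param mirrors with its $check parameter.

```php
<?php
// Added example: stand-alone model of the stored-XSS pattern in a product
// label field. Not Dolibarr's code; function names are constructed.

// Stand-in for a request-parameter reader. Dolibarr's GETPOST() takes a
// check type as its second argument; 'none' models calling it without one.
function read_param(array $request, string $name, string $check = 'none'): string
{
    $value = (string) ($request[$name] ?? '');
    switch ($check) {
        case 'none':
            return $value;                 // vulnerable: markup passes through
        case 'alphanohtml':
            return strip_tags($value);     // plain-text label: tags removed
        default:
            throw new InvalidArgumentException("unknown check type: $check");
    }
}

// Vulnerable rendering: the stored label is concatenated into HTML as-is,
// so any markup it carries becomes part of the page.
function render_label_unsafe(string $label): string
{
    return '<td class="product-label">' . $label . '</td>';
}

// Hardened rendering: escape at the output boundary. This neutralises stored
// markup whatever attribute tricks it uses, even if input validation was
// missed earlier, because <, >, " and ' can no longer open tags or attributes.
function render_label_safe(string $label): string
{
    return '<td class="product-label">'
        . htmlspecialchars($label, ENT_QUOTES | ENT_HTML5, 'UTF-8')
        . '</td>';
}

// Detection aid for audits of already-stored data: a plain-text label has no
// reason to contain a tag opener or an event-handler style attribute.
function label_contains_markup(string $label): bool
{
    return (bool) preg_match('/<\s*\/?\s*[a-z!]/i', $label)
        || (bool) preg_match('/\bon[a-z]+\s*=/i', $label);
}

// Constructed request: a label that smuggles an element carrying an attribute.
$request = ['label' => 'Widget <b title="x">A</b>'];

// Vulnerable path: no check type on input, raw concatenation on output.
$storedUnsafe = read_param($request, 'label');
$htmlUnsafe   = render_label_unsafe($storedUnsafe);

// Hardened path: strip markup on input, and escape on output anyway.
$storedSafe = read_param($request, 'label', 'alphanohtml');
$htmlSafe   = render_label_safe($storedSafe);

// Defence in depth: even a value stored by the vulnerable path is inert
// once the rendering side escapes it.
$htmlEscapedLate = render_label_safe($storedUnsafe);

echo "unsafe:      $htmlUnsafe\n";
echo "safe:        $htmlSafe\n";
echo "late escape: $htmlEscapedLate\n";
echo "stored value flagged for review: "
    . var_export(label_contains_markup($storedUnsafe), true) . "\n";
```

Run it with `php example.php`. The point to take from it is that strip_tags-style input filtering is the weaker of the two controls (it is the kind of filter that obfuscated attributes aim to slip past), whereas escaping at the output boundary holds regardless of what reached the database; label_contains_markup is only an audit heuristic for finding labels that were stored before a fix and should be reviewed, not a substitute for either control.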