-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIA Semantic Attack on Google Gemini - Read the Latest Research
A Semantic Attack on Google Gemini - Read the Latest Research
Miggo AI
Miggo AIRoot Cause AnalysisThe key vulnerability stems from insufficient input sanitization in the folder creation handler within folders.queries.php. The patch adds FILTER_SANITIZE_STRING filtering to the 'access_level' parameter (via filter_var), which was missing in vulnerable versions. This parameter is user-controllable through the folder creation interface and would be reflected in the application's HTML output without proper escaping, enabling XSS. The commit diff shows critical security-focused changes in this file, confirming this as the primary vulnerability source.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| nilsteampassnet/teampass | composer | < 2.1.27.9 | 2.1.27.9 |