The commit diff shows that the vulnerable code was `return print_r($value, true);`, with no HTML escaping applied. This function renders error data into the HTML error page, so any value it receives (including attacker-controlled request data captured alongside the error) is emitted into HTML context verbatim, which is a stored/reflected XSS sink. The patch wraps the output in `htmlspecialchars()`, confirming this function as the vulnerability vector. The CVE description and the commit message both identify it as the source of the XSS in the fallback path used when Symfony's VarDumper is not available; with the dumper installed, the values are rendered through it instead.
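To make the sink concrete, here is an added illustration (not code from filp/whoops) of the two shapes the paragraph describes: a helper that returns `print_r()` output straight into HTML, beside the escaped form. Function names, the sample error data and the `htmlspecialchars()` flags are my choices for the example; the page only says the patch adds `htmlspecialchars()`, not which flags it passes.

```php
<?php
// Added example, not code from filp/whoops. dumpUnescaped/dumpEscaped are
// hypothetical names standing in for the rendering helper the advisory describes.

// Vulnerable shape: print_r() output is dropped into the HTML page as-is.
function dumpUnescaped($value): string
{
    return print_r($value, true);
}

// Hardened shape, mirroring the fix: escape before the value reaches HTML.
// Flags are this example's choice: ENT_QUOTES also escapes single quotes so the
// output is safe inside attributes; ENT_SUBSTITUTE keeps invalid UTF-8 from
// turning the whole string into "" (which would silently hide error data).
function dumpEscaped($value): string
{
    return htmlspecialchars(print_r($value, true), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample: error context carrying an attacker-controlled query parameter.
$errorData = [
    'query'  => ['search' => '<img src=x onerror="alert(document.domain)">'],
    'nested' => ['note' => "O'Brien & \"friends\""],
];

$unescaped = dumpUnescaped($errorData);
$escaped   = dumpEscaped($errorData);

// Check: the unescaped output still contains a live tag, the escaped one does not.
var_dump(strpos($unescaped, '<img') !== false);
var_dump(strpos($escaped, '<img') !== false);
var_dump(strpos($escaped, '&lt;img') !== false);

// What an error page would actually emit for the escaped variant.
echo "<pre>{$escaped}</pre>\n";
```

Run it with `php example.php` and compare the two `var_dump` lines: the payload only survives as markup in the unescaped variant. The same check applies to any other place a debug or error page interpolates `print_r()`, `var_export()` or `json_encode()` output into HTML without escaping.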
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| filp/whoops | composer | < 2.1.13 | 2.1.13 |