CVSS Score
The vulnerability stems from the unescaped output of the 'ContactId' request parameter in leadscoring.php. The commit diff shows that the fix wraps this value in htmlspecialchars() before it is written into the page; the change is output escaping, not input sanitization. In its original form the example script reflects the parameter directly into HTML attributes and element content without escaping, so anyone who controls ContactId (for instance through a crafted link) can inject markup and script, a reflected XSS. No named function is involved; the inline PHP that echoes the parameter is the vulnerable point.
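The pattern described above, as an added example that is not code from the SDK or from leadscoring.php: a minimal script that reflects a ContactId query parameter into an attribute and into element content, first unescaped and then escaped with htmlspecialchars() in the direction the fix takes, plus an optional validation layer. Function names, the markup, and the assumption that a contact id is a positive integer are this example's own, not the project's.

```php
<?php
// Added example, not the SDK's own code. Models the advisory's pattern:
// a ContactId parameter reflected into HTML, vulnerable vs. hardened.
// Function names and markup are assumptions, not taken from leadscoring.php.

declare(strict_types=1);

// Vulnerable form: the raw parameter lands inside an attribute value and
// inside element content with no escaping, so a value that starts with
// "> closes the attribute and the rest is parsed as new markup.
function renderVulnerable(array $query): string
{
    $id = $query['ContactId'] ?? '';
    return '<input type="hidden" name="ContactId" value="' . $id . '">'
         . '<p>Scoring contact ' . $id . '</p>';
}

// Output escaping, matching the fix direction (htmlspecialchars on output).
// ENT_QUOTES is passed explicitly: on PHP versions before 8.1 the default
// flags do not escape single quotes, which leaves single-quoted attributes
// injectable. ENT_SUBSTITUTE keeps an invalid UTF-8 byte sequence from
// collapsing the whole string to "", and the charset is pinned to UTF-8
// so the escaping matches the declared page encoding.
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Hardened form: same markup, every reflected occurrence escaped.
function renderEscaped(array $query): string
{
    $safe = escapeHtml((string) ($query['ContactId'] ?? ''));
    return '<input type="hidden" name="ContactId" value="' . $safe . '">'
         . '<p>Scoring contact ' . $safe . '</p>';
}

// Extra layer beyond the fix (assumption: a contact id is a positive
// integer): reject anything else before it reaches the template, and
// still escape on output so the template stays safe if that assumption
// is ever relaxed.
function renderValidated(array $query): string
{
    $raw = (string) ($query['ContactId'] ?? '');
    $id  = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        // Caller would normally answer with a 400 here.
        return '<p>Invalid ContactId</p>';
    }
    return renderEscaped(['ContactId' => (string) $id]);
}

// Constructed request (not a real capture): a ContactId carrying a markup
// payload that closes the value attribute and injects an element.
$payload = ['ContactId' => '"><img src=x onerror=alert(1)>'];

echo 'vulnerable: ', renderVulnerable($payload), PHP_EOL;
// The attribute is closed early and the <img> element is injected.
echo 'escaped:    ', renderEscaped($payload), PHP_EOL;
// The same bytes survive only as &quot;&gt;&lt;img ...&gt;, i.e. as text.
echo 'validated:  ', renderValidated($payload), PHP_EOL;
// Rejected outright; a numeric id such as 42 renders normally.
echo 'validated:  ', renderValidated(['ContactId' => '42']), PHP_EOL;
```

Run it with `php example.php` and compare the three lines: only the vulnerable one contains a live `<img` tag. When reviewing a fix of this kind, check every place the parameter is echoed, not just the one in the diff, and check which htmlspecialchars() flags are in effect for the PHP version the project targets.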
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| novaksolutions/infusionsoft-php-sdk | composer | < 1.0 | 1.0 |