CVSS Score
The vulnerability description explicitly names HttpRequestService::getSegments() and getActionSegments() as the source of non-zero-based arrays, i.e. URL segment arrays whose keys do not start at index 0. That indexing defect points to improper handling of user-supplied URL path segments in the routing layer. When those segments are then used in template rendering without proper escaping (a common pattern in MVC frameworks), they create XSS opportunities. Confidence is high because both the CVE description and the GHSA advisory attribute the issue directly to these methods, and the CWE-79 classification confirms its XSS nature.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| craftcms/cms | composer | < 2.6.2976 | 2.6.2976 |