
CVE-2018-10366: User Plugin for October CMS Allows XSS

CVSS Score (v3.0): 6.1

Basic Information

EPSS Score: 0.64232%
Published: 5/14/2022
Updated: 10/6/2023
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Package Name         Ecosystem   Vulnerable Versions   First Patched Version
rainlab/user-plugin  composer    <= 1.4.5              1.5.0

Vulnerability Intelligence (Miggo AI)

Root Cause Analysis

The vulnerability stems from unescaped output in the name field input. The patch replaced form_value('name') with user.name, which implies form_value() lacked built-in escaping. The commit message explicitly states 'form_value() doesn't use escaping', confirming it was the vulnerable function. The XSS occurs when user-supplied input from the name field is rendered without proper sanitization in the template.
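As an added example (not code from this page, from October CMS or from rainlab/user-plugin), the PHP below contrasts a form_value()-style helper that hands submitted input back unescaped with an escaped rendering of the stored name, and includes a check that only the escaped form reaches the markup; the helper names and the surrounding markup are assumptions.

```php
<?php
// Added example, not code from rainlab/user-plugin or October CMS. It models
// the two rendering paths the analysis contrasts: a form_value()-style helper
// returning submitted input unescaped, and output escaped the way an
// autoescaped {{ user.name }} would be. Names and markup are assumptions.

// Hypothetical stand-in for form_value(): returns the raw submitted field.
function form_value_raw(array $post, string $field): string
{
    return (string) ($post[$field] ?? '');
}

// Vulnerable rendering: raw helper output is interpolated straight into HTML,
// so any markup in the submitted name becomes part of the page.
function render_name_vulnerable(array $post): string
{
    return '<p class="name">' . form_value_raw($post, 'name') . '</p>';
}

// Fixed rendering: the stored value is escaped before interpolation, so the
// same characters reach the browser as text rather than markup.
function render_name_fixed(string $storedName): string
{
    $safe = htmlspecialchars($storedName, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<p class="name">' . $safe . '</p>';
}

// Regression check: the name's special characters may appear in the final
// markup only in their escaped form.
function name_is_escaped(string $html, string $rawName): bool
{
    $escaped = htmlspecialchars($rawName, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    if ($escaped === $rawName) {
        return true; // nothing in the name needed escaping
    }
    return strpos($html, $rawName) === false && strpos($html, $escaped) !== false;
}

// Constructed sample: a display name that carries markup characters.
$post = ['name' => 'Alice <i>the</i> Great'];

$vulnerable = render_name_vulnerable($post);
$fixed      = render_name_fixed($post['name']);

printf("vulnerable: %s (escaped: %s)\n", $vulnerable,
    name_is_escaped($vulnerable, $post['name']) ? 'yes' : 'no');
printf("fixed:      %s (escaped: %s)\n", $fixed,
    name_is_escaped($fixed, $post['name']) ? 'yes' : 'no');
```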


WAF Protection Rules

WAF Rule

An issue was discovered in the Users (aka front-end user management) plugin 1.4.5 for October CMS. XSS exists in the name field.
