-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe exploit demonstrates XSS via the 'role' parameter, indicating insufficient input sanitization. In Yii2, XSS typically occurs when user-controlled data (like $_GET parameters) is rendered in views without escaping. While the exact functions/files aren't specified in advisories, the role parameter's involvement suggests vulnerabilities in controller actions handling input and view templates rendering it. Confidence is medium due to the lack of explicit code references but strong contextual alignment with Yii2 XSS patterns.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| ptheofan/yii2-statemachine | composer | >= 2.0.0-RC1, <= 2.0.0 |
PHPPHPOngoing coverage of React2Shell