-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| dolibarr/dolibarr | composer | <= 8.0.3 |
PHPPHPMiggo AIRoot Cause AnalysisThe vulnerability manifests in exports/export.php through the 'datatoexport' parameter. While the exact function name isn't specified in available sources, the core issue is the unsanitized reflection of this parameter in HTML output. The PoC demonstrates direct parameter injection in the URL, and XSS vulnerabilities typically occur when untrusted input is rendered without escaping. The file path and parameter name are explicitly referenced in all vulnerability reports, making this identification conclusive despite the lack of specific function names.
Ongoing coverage of React2Shell