
CVE-2018-5233: Grav CMS Cross-site scripting (XSS) vulnerability

CVSS Score (v3.0): 6.1

Basic Information

EPSS Score: 0.94982%
Published: 5/14/2022
Updated: 4/24/2024
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Package Name: getgrav/grav
Ecosystem: composer
Vulnerable Versions: < 1.3.0
First Patched Version: 1.3.0

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The vulnerability stems from improper output encoding in error handling:

  1. The code constructs $error_msg from the requested path (PATH_INFO), which is user-controlled input.
  2. This unsanitized $error_msg is passed to RuntimeException in both the catch block (line 355) and the else clause (line 358).
  3. The exception message is rendered directly in the error templates without HTML entity encoding.
  4. Proofs of concept demonstrate direct script execution via path manipulation.
  5. The patch in v1.3.0 would logically involve adding proper encoding when $error_msg is handled.
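As an added illustration of items 1 to 3 above and of the output encoding the analysis points to, the following is not Grav's own code and not the v1.3.0 patch: a "page not found" message is built from PATH_INFO, then rendered once without encoding and once through htmlspecialchars at the HTML boundary. The function names and the sample path are constructed for this example.

```php
<?php
// Added illustration (not Grav's code): an error message built from the
// request path and rendered in an HTML error page.

// Step 1 and 2 of the analysis: the raw PATH_INFO ends up in the exception
// message. The message itself is plain text and fine for logs.
function buildNotFoundMessage(string $pathInfo): string
{
    $error_msg = 'Page not found: ' . $pathInfo; // user-controlled input
    return (new RuntimeException($error_msg))->getMessage();
}

// Step 3, vulnerable pattern: the message is echoed into HTML unencoded.
// In a Twig template this is the same as {{ message|raw }} (or a template
// with autoescape disabled).
function renderErrorVulnerable(string $message): string
{
    return '<p class="error">' . $message . '</p>';
}

// Hardened pattern: encode at the output boundary. ENT_QUOTES also covers
// attribute contexts; ENT_SUBSTITUTE keeps invalid UTF-8 from blanking the
// output. In Twig the equivalent is {{ message|e }} with autoescape on.
function renderErrorSafe(string $message): string
{
    $escaped = htmlspecialchars($message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p class="error">' . $escaped . '</p>';
}

// Constructed sample path containing HTML metacharacters (no real payload).
$pathInfo = '/admin/tools/<b>missing-page</b>';
$message  = buildNotFoundMessage($pathInfo);

echo renderErrorVulnerable($message), PHP_EOL; // <b> reaches the browser as markup
echo renderErrorSafe($message), PHP_EOL;       // rendered as &lt;b&gt; ... &lt;/b&gt;
```

The defensive point is where the encoding sits: escaping when the message is written into HTML, rather than sanitizing the exception text, keeps log output intact and protects every template that prints the message.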


WAF Protection Rules

WAF Rule

Cross-site scripting (XSS) vulnerability in `system/src/Grav/Common/Twig/Twig.php` in Grav CMS before 1.3.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/tools.
