-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| rainlab/blog-plugin | composer | < 1.4.1 | 1.4.1 |
Miggo AIRoot Cause AnalysisThe vulnerability stems from two key points: 1) The BlogMarkdown widget explicitly disabled HTML cleaning via shouldCleanHtml(), passing raw input to the model. 2) The Post::formatHtml method lacked proper HTML sanitization (via Html::clean()) for non-privileged users before the patch. Together, these allowed unauthenticated XSS through blog post content. The patch added Html::clean() conditional checks in Post.php and formalized the unsafe Markdown permission, confirming these were the missing safeguards.