-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| kevinpapst/kimai2 | composer | < 1.1 | 1.1 |
Miggo AIRoot Cause AnalysisThe XSS vulnerability was patched in commit a0e8aa3 via PR #962, which modified MarkdownExtension.php. The codecov report shows this file was impacted, and release notes explicitly mention this fix addresses timesheet description XSS. As Markdown processing functions are common XSS vectors when unescaped HTML is allowed, and the patch likely added sanitization or safe rendering flags to markdownToHtml(), this function is the clear entry point for the vulnerability.
PHPPHPOngoing coverage of React2Shell