| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| limesurvey/limesurvey | composer | < 3.17.14 | 3.17.14 |

The GitHub commit diff shows that the vulnerability was patched by adding `CHtml::encode()` to sanitize the group title in the delete action. The original code placed the unsanitized `$sGroupTitle` in a flash message, which allowed an XSS payload to execute when an admin deleted the malicious group. The advisory explicitly mentions this stored XSS vector through survey group titles during deletion.
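
The before/after pattern described above, as an added PHP example that is not LimeSurvey's code. `encode()` is a stand-in for Yii 1's `CHtml::encode()` assuming UTF-8, and the function names, message text and sample title are assumptions made for illustration.

```php
<?php
// Added illustration, not LimeSurvey source. All function names are hypothetical.

// Stand-in for CHtml::encode(), which wraps htmlspecialchars() with ENT_QUOTES.
function encode(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Before the fix: the stored title is placed into the HTML flash message as-is.
function deleteFlashVulnerable(string $sGroupTitle): string
{
    return sprintf("The survey group '%s' was deleted.", $sGroupTitle);
}

// After the fix: the title is HTML-encoded at the point of output.
function deleteFlashPatched(string $sGroupTitle): string
{
    return sprintf("The survey group '%s' was deleted.", encode($sGroupTitle));
}

// Regression check: true if any tag-like sequence survives into the message.
function containsRawMarkup(string $html): bool
{
    return (bool) preg_match('/<[a-z!\/]/i', $html);
}

// Constructed sample: a group title saved earlier that contains markup.
$sGroupTitle = '<script>alert(document.domain)</script>';

$before = deleteFlashVulnerable($sGroupTitle);
$after  = deleteFlashPatched($sGroupTitle);

echo 'vulnerable: ', $before, PHP_EOL;
echo 'patched:    ', $after, PHP_EOL;
echo 'raw markup before fix: ', var_export(containsRawMarkup($before), true), PHP_EOL;
echo 'raw markup after fix:  ', var_export(containsRawMarkup($after), true), PHP_EOL;

// Encoding at output keeps the stored title intact: decoding the encoded
// form returns the original string, so nothing is lost in the database.
$roundTrip = htmlspecialchars_decode(encode($sGroupTitle), ENT_QUOTES);
echo 'title preserved: ', var_export($roundTrip === $sGroupTitle, true), PHP_EOL;
```

The same `containsRawMarkup()` check can be pointed at any other message that interpolates a user-editable title to find sinks that still lack output encoding.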