| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| encore/laravel-admin | composer | = 1.7.3 | |

The XSS vulnerability stems from improper output encoding when user-controlled Role Slug/Name values are displayed in the Operation Log. While the exact code isn't visible, the pattern matches Laravel Blade XSS vulnerabilities in which (1) controllers pass raw user input to views and (2) views use unescaped output syntax. The 'wontfix' label suggests the vulnerability exists in the view layer's rendering mechanism rather than in input validation.