The vulnerability occurs in the email configuration interface in `admin/mails.php`, where user-supplied input from the 'Sender email' field is stored and later displayed without proper HTML escaping. While the exact function name isn't specified in available resources, the file path and attack pattern (stored XSS through admin settings) strongly indicate insufficient output encoding in the form handling logic. The high confidence comes from the clear correlation between the described vulnerability pattern (XSS in an admin settings form) and typical PHP web application vulnerabilities where user-controlled input isn't properly escaped before redisplay.
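The pattern described above, as an added PHP illustration that is not Dolibarr's code: a stored 'Sender email' value echoed into a form attribute unescaped, next to a render that encodes on output and a validator that rejects malformed addresses before storage. All function names, the `sender_email` field name and the sample value are assumptions constructed for this example.

```php
<?php
// Added illustration; not Dolibarr source. Function and field names are hypothetical.

// Constructed sample: a stored setting that closes the value attribute early.
$stored = 'admin@example.com"><script>alert(1)</script>';

// Vulnerable pattern: the stored setting is written into the form as-is,
// so the quote in the value ends the attribute and the rest is parsed as markup.
function render_sender_field_unsafe(string $value): string
{
    return '<input type="text" name="sender_email" value="' . $value . '">';
}

// Hardened output: encode for the HTML attribute context at render time.
// ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces invalid UTF-8
// sequences instead of returning an empty string.
function render_sender_field_safe(string $value): string
{
    $encoded = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="sender_email" value="' . $encoded . '">';
}

// Hardened input: refuse to store anything that is not a syntactically valid
// address. A valid address may still contain characters that matter in HTML
// (a single quote is legal in the local part), so this complements output
// encoding and does not replace it.
function validate_sender_email(string $value): ?string
{
    $checked = filter_var(trim($value), FILTER_VALIDATE_EMAIL);
    return $checked === false ? null : $checked;
}

// Show both renderings of the constructed value, then the validator's verdict
// on the constructed value and on a well-formed address.
echo render_sender_field_unsafe($stored), PHP_EOL;
echo render_sender_field_safe($stored), PHP_EOL;
var_dump(validate_sender_email($stored));
var_dump(validate_sender_email('admin@example.com'));
```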
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| dolibarr/dolibarr | composer | = 10.0.2 | |