CVSS Score: -
Basic Information
CVE ID: -
GHSA ID: -
EPSS Score: -
CWE: -
Published: -
Updated: -
KEV Status: -
Technology: -
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| verbb/comments | composer | < 1.5.5 | 1.5.5 |
The vulnerability is a cross-site scripting (XSS) flaw reached through asset volume names. The v1.5.5 patch notes specifically mention fixing XSS in asset volume names, which indicates that the rendering logic emitted the name without output encoding. Exact function names are not available, but the description fits a familiar pattern:
1) the volume name flows from storage (the volume's configured name) into one or more display contexts in the plugin's pages;
2) that display path does not HTML-entity-encode the value for the context it lands in (element text or attribute value);
3) the name is therefore treated as trusted, safe HTML rather than as data.
This assessment rests on the direct match between the advisory wording and common template-rendering XSS patterns, not on a review of the patch diff, so treat the specifics as inferred. A practical caveat: in Craft CMS, volume names are settings that normally only administrative users can change, so the injection point sits behind an admin-level write path, and the payload then executes in the browser of anyone who views the affected plugin page. Any installation on a version below 1.5.5 should be upgraded to 1.5.5 or later.
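To make the three-step pattern above concrete, here is an added example (not code from verbb/comments or Craft CMS) in the project's language, PHP. It shows a constructed volume record whose name carries a script payload, a renderer that concatenates the name straight into markup, and a hardened renderer that entity-encodes every untrusted value. The record layout, function names and the payload are all assumptions chosen for illustration.

```php
<?php
// Added illustration of the XSS-through-volume-name pattern; not the plugin's own code.
// A volume name is data set by an administrator; rendering it as HTML lets whoever can
// write that name inject markup and script into every page that prints it.

declare(strict_types=1);

/** Constructed sample volume record, shaped like a stored settings row (assumption). */
function sampleVolume(): array
{
    return [
        'handle' => 'uploads',
        // Constructed malicious name: stored once, executed on every unescaped render.
        'name'   => 'Uploads<img src=x onerror="alert(document.cookie)">',
    ];
}

/** Vulnerable pattern: the stored name is concatenated directly into markup. */
function renderVolumeOptionUnsafe(array $volume): string
{
    return '<option value="' . $volume['handle'] . '">' . $volume['name'] . '</option>';
}

/** Hardened pattern: encode each untrusted value for the HTML context it lands in. */
function e(string $value): string
{
    // ENT_QUOTES encodes both " and ' so the value is also safe inside attribute quotes;
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of silently returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function renderVolumeOptionSafe(array $volume): string
{
    return '<option value="' . e($volume['handle']) . '">' . e($volume['name']) . '</option>';
}

/** Regression check: does a raw fragment of the payload survive into the output? */
function containsRawFragment(string $html, string $fragment): bool
{
    return strpos($html, $fragment) !== false;
}

$volume = sampleVolume();
$unsafe = renderVolumeOptionUnsafe($volume);
$safe   = renderVolumeOptionSafe($volume);

echo "unsafe: $unsafe\n";
echo "safe:   $safe\n";
// The unsafe render still contains a live <img ... onerror> element; the safe render
// contains only the text "&lt;img ..." and the browser never treats it as a tag.
var_dump(containsRawFragment($unsafe, '<img'));
var_dump(containsRawFragment($safe, '<img'));
```

In Craft plugin templates the same fix is usually free: Twig autoescapes `{{ volume.name }}` by default, so the unsafe path is typically either a `|raw` filter on a value that was never sanitised or HTML assembled in PHP, as in `renderVolumeOptionUnsafe` above. When auditing a plugin for this class of bug, grep for `|raw` and for string concatenation into markup, then confirm that every value crossing into HTML is encoded for its context (attribute, element text, or JavaScript) rather than assumed safe because an administrator typed it.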