-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| munkireport/comment | composer | < 4.1 | 4.1 |
| munkireport/managedinstalls | composer | < 2.6 | 2.6 |
| munkireport/munkireport | composer | >= 2.5.3, < 5.6.3 | 5.6.3 |
Miggo AIRoot Cause AnalysisThe provided commit diff for the managedinstalls module shows critical changes to input handling. In managedinstalls_controller.php, rawurldecode() was replaced with addslashes() to escape quotes, and in managedinstalls_functions.js, decodeURIComponent() was added to safely handle URL parameters. These fixes directly address XSS vulnerabilities caused by unescaped user input being reflected in the UI. The vulnerability title specifically mentions the comment module, but the analyzed commit and diff pertain to the managedinstalls module, which is also listed as affected in the advisory. The changes in these functions align with the described XSS filter bypass mechanism, confirming their role in the vulnerability.
PHPPHPOngoing coverage of React2Shell