| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| qcubed/qcubed | composer | <= 3.1.1 | 3.2 |

The vulnerability occurs in `profile.php`, where the stQuery parameter is part of serialized POST data. The code base64-decodes and unserializes user input, then outputs the `strQuery` value directly using `_p($strQuery, false)`. The second argument, `false`, passed to `_p()` likely disables HTML escaping, allowing injected scripts to execute. The GitHub patch shows the vulnerability was mitigated by adding proper escaping and hardening input handling in this file.
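
The pattern described above, next to a hardened form, as an added PHP example. It is not QCubed's code or its actual patch: the function names, the array layout of the decoded data and the sample input are assumptions made for illustration.

```php
<?php
// Added illustration, not QCubed code. render_query_unsafe() and
// render_query_hardened() are hypothetical names.

// 'Before': decode a client-supplied blob and emit one field without escaping.
function render_query_unsafe(string $postedBlob): string
{
    // unserialize() on client data is also an object-injection risk.
    $data = unserialize(base64_decode($postedBlob));
    return '<pre>' . $data['strQuery'] . '</pre>';
}

// 'After': strict decoding, no object instantiation, type checks, output escaping.
function render_query_hardened(string $postedBlob): string
{
    // Strict mode rejects characters outside the base64 alphabet.
    $raw = base64_decode($postedBlob, true);
    if ($raw === false) {
        return '';
    }
    // allowed_classes => false turns any serialized object into an inert placeholder.
    $data = @unserialize($raw, ['allowed_classes' => false]);
    if (!is_array($data) || !isset($data['strQuery']) || !is_string($data['strQuery'])) {
        return '';
    }
    // Escape for the HTML context the value is written into.
    $safe = htmlspecialchars($data['strQuery'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<pre>' . $safe . '</pre>';
}

// Constructed sample input: a query string carrying markup.
$blob = base64_encode(serialize([
    'strQuery' => 'SELECT 1 /* <script>alert(1)</script> */',
]));

echo render_query_unsafe($blob), "\n";   // markup reaches the page unescaped
echo render_query_hardened($blob), "\n"; // markup is rendered as inert text
```

Where the client does not need to send PHP-serialized data at all, replacing it with JSON plus a server-side schema check removes the `unserialize()` call entirely.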