Basic Information

CVSS Score: -
CVE ID: -
GHSA ID: -
EPSS Score: -
CWE: -
Published: -
Updated: -
KEV Status: -
Technology: -
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| silverstripe/framework | composer | >= 4.0.0, < 4.7.4 | 4.7.4 |
The vulnerability stems from XML parsing in CSSContentParser that permitted external entity expansion (XXE). Although the class is intended for test purposes, feeding it user-controlled markup exposed the application. The patch removed the LIBXML_NOENT flag from the parser call; despite its name, LIBXML_NOENT tells libxml to substitute entities, including external ones, so passing it was the root cause: an insecure XML parsing configuration in this component. The vulnerable code is the HTML/XML parsing logic in CSSContentParser's initialization. Any code path that hands untrusted markup to CSSContentParser, or to any other simplexml_load_string or DOMDocument call that passes LIBXML_NOENT, should be treated as exploitable until the flag is dropped.
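The weak parse beside the hardened one, as an added PHP example that is not code from the advisory or from Silverstripe: the payload, the function names and the DOCTYPE guard are constructed for illustration, and the calls mirror the simplexml_load_string pattern rather than the project's actual source.

```php
<?php
declare(strict_types=1);

// Constructed XXE payload (not from the advisory): an HTML fragment whose
// DOCTYPE declares an external entity pointing at a local file and then
// references it inside an element that CSSContentParser-style code would
// later query by CSS selector.
$xxePayload = <<<'XML'
<?xml version="1.0"?>
<!DOCTYPE html [
  <!ENTITY xxe SYSTEM "file:///etc/hostname">
]>
<html><body><div class="result">&xxe;</div></body></html>
XML;

/**
 * Weak pattern: LIBXML_NOENT is passed. Despite the name, NOENT means
 * "substitute entities", so &xxe; is expanded and the referenced file is
 * read during parsing. Returns the text the caller would then see.
 */
function parseWithEntitySubstitution(string $content): ?string
{
    libxml_use_internal_errors(true);
    $doc = simplexml_load_string($content, 'SimpleXMLElement', LIBXML_NOENT);
    if ($doc === false) {
        return null;
    }
    return (string) $doc->body->div;
}

/**
 * Hardened pattern: the same call without LIBXML_NOENT, plus LIBXML_NONET so
 * the parser cannot fetch anything over the network either. The entity
 * reference is left unexpanded and the file is never opened.
 */
function parseWithoutEntitySubstitution(string $content): ?string
{
    libxml_use_internal_errors(true);
    $doc = simplexml_load_string($content, 'SimpleXMLElement', LIBXML_NONET);
    if ($doc === false) {
        return null;
    }
    return (string) $doc->body->div;
}

/**
 * Cheap defence in depth for code that must accept untrusted markup: reject
 * input carrying a DOCTYPE at all, since an HTML fragment handed to a
 * CSS-selector helper has no business declaring entities.
 */
function containsDoctype(string $content): bool
{
    return stripos($content, '<!DOCTYPE') !== false;
}

// Constructed demonstration run.
printf("Contains DOCTYPE:     %s\n", containsDoctype($xxePayload) ? 'yes' : 'no');
printf("With LIBXML_NOENT:    %s\n", var_export(parseWithEntitySubstitution($xxePayload), true));
printf("Without LIBXML_NOENT: %s\n", var_export(parseWithoutEntitySubstitution($xxePayload), true));
```

Run it with `php xxe_demo.php`. The first parse shows why this is an exploitable file read: with LIBXML_NOENT the div's text is the contents of /etc/hostname (or whatever the entity points at), while the second parse leaves the reference unexpanded. On libxml2 2.9 and later, external entities are not loaded unless NOENT is requested, which is why dropping the flag is a sufficient fix; older PHP code additionally called libxml_disable_entity_loader(true), which PHP 8.0 deprecated because the loader is off by default.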