| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| lavalite/cms | composer | <= 5.8.0 | |
The vulnerability requires both improper input handling and unsafe output rendering. The controller's storage function likely fails to sanitize HTML input from the 'New' parameter before storage. The view template then directly outputs this unsanitized data using Blade's unescaped syntax ({!! !!}), enabling script execution. This matches the reported attack vector where payloads persist through storage and execute during preview.
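The following audit sketch is an added example, not code from lavalite/cms or the advisory. It scans Blade template text for the unescaped `{!! !!}` echo form described above, so each hit can be reviewed and either switched to `{{ }}` or sanitized before rendering. The function name `find_raw_echoes`, the escaping-call allowlist and the sample view are assumptions made for illustration.

```python
import re

# Blade compiles {{ expr }} to an echo through e() (HTML-escaped) and
# {!! expr !!} to a raw echo. A leading "@" leaves the tag as literal text.
RAW_ECHO = re.compile(r"(@)?\{!!\s*(.+?)\s*!!\}", re.S)
BLADE_COMMENT = re.compile(r"\{\{--.*?--\}\}", re.S)

# Assumption: calls treated as already escaping their argument. Extend or
# empty this tuple to match the helpers your code base actually uses.
ESCAPING_CALLS = ("e(", "htmlspecialchars(")


def find_raw_echoes(template, escaping_calls=ESCAPING_CALLS):
    """Return [(line_number, expression)] for raw echoes that need review."""
    # Blank out Blade comments but keep their newlines so line numbers hold.
    text = BLADE_COMMENT.sub(lambda m: "\n" * m.group(0).count("\n"), template)
    findings = []
    for match in RAW_ECHO.finditer(text):
        if match.group(1):  # "@{!! ... !!}" is emitted literally, never evaluated
            continue
        expr = match.group(2)
        # Triage heuristic only: a whole-expression escaping call is skipped.
        if expr.startswith(escaping_calls) and expr.endswith(")"):
            continue
        line = text.count("\n", 0, match.start()) + 1
        findings.append((line, expr))
    return findings


# Constructed sample view, not taken from lavalite/cms.
SAMPLE_VIEW = """{{-- old preview: {!! $old !!} --}}
<h1>{{ $page->title }}</h1>
<div class="preview">{!! $page->content !!}</div>
<p>{!! e($page->summary) !!}</p>
<code>@{!! shown as text !!}</code>
"""

if __name__ == "__main__":
    for line, expr in find_raw_echoes(SAMPLE_VIEW):
        print(f"line {line}: raw echo of {expr} -> use {{{{ {expr} }}}} or sanitize first")
```

A hit is not proof of a vulnerability: it marks a place where stored input reaches the page without Blade's escaping and needs a manual check of where the value comes from.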