Miggo Logo

CVE-2021-29625: XSS in doc_link

7.5

CVSS Score
3.1

Basic Information

EPSS Score
0.98652%
Published
3/18/2022
Updated
2/1/2023
KEV Status
No
Technology
TechnologyPHP

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
vrana/adminercomposer>= 4.7.8, < 4.8.14.8.1

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The commit 4043092 explicitly patches the doc_link function in editing.inc.php by adding HTML escaping (h()) to the URL construction. The vulnerability occurs because user-controlled database error messages or other inputs could influence the $paths parameter, and the lack of escaping in the href attribute allowed JavaScript injection. The patch confirms the function's role in the XSS vulnerability.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

### Imp**t Us*rs o* MySQL, M*ri***, P*SQL *n* SQLit* *r* *****t**. XSS is in most **s*s pr*v*nt** *y stri*t *SP in *ll mo**rn *rows*rs. T** only *x**ption is w**n **min*r is usin* * `p*o_` *xt*nsion to *ommuni**t* wit* t** **t***s* (it is us** i* t**

Reasoning

T** *ommit ******* *xpli*itly p*t***s t** `*o*_link` *un*tion in `**itin*.in*.p*p` *y ***in* *TML *s**pin* (`*()`) to t** URL *onstru*tion. T** vuln*r**ility o**urs ****us* us*r-*ontroll** **t***s* *rror m*ss***s or ot**r inputs *oul* in*lu*n** t** `