| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| php-mod/curl | composer | < 2.3.2 | 2.3.2 |

The vulnerability stems from two test endpoints that reflect user input without setting an appropriate `Content-Type` header. In `post_file_path_upload.php`, the JSON output was sent without an `application/json` header, allowing XSS through JSON/HTML confusion. In `post_multidimensional.php`, raw POST data was echoed back without a `text/plain` header, enabling direct script execution. The commit fixed both by adding the proper headers, which confirms that the XSS vector was the browser misinterpreting the response type combined with unescaped output.
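The following added illustration is not the php-mod/curl test code or its patch. It shows a reflecting endpoint before and after declaring its response type. The function names and sample input are hypothetical, and the `nosniff` header and `JSON_HEX_*` escaping go beyond the header fix described above as defense in depth.

```php
<?php
// Added illustration; function names are hypothetical, not from php-mod/curl.

// Before: request data is reflected and no Content-Type is declared, so PHP's
// default_mimetype (text/html unless reconfigured) applies to the response.
function reflect_json_before(array $data): array
{
    return ['headers' => [], 'body' => json_encode($data)];
}

// After: declare JSON, forbid MIME sniffing, and hex-escape HTML
// metacharacters so the body stays inert even if the type is ignored.
function reflect_json_after(array $data): array
{
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    return [
        'headers' => [
            'Content-Type: application/json; charset=utf-8',
            'X-Content-Type-Options: nosniff',
        ],
        'body' => json_encode($data, $flags),
    ];
}

// After, raw-echo case: bytes are unchanged but declared as plain text.
function reflect_raw_after(string $raw): array
{
    return [
        'headers' => [
            'Content-Type: text/plain; charset=utf-8',
            'X-Content-Type-Options: nosniff',
        ],
        'body' => $raw,
    ];
}

// Emit headers first, then the body.
function send(array $response): void
{
    foreach ($response['headers'] as $line) {
        header($line);
    }
    echo $response['body'];
}

// Constructed sample input: a field value containing harmless markup.
$sample = ['file_path' => '<b>report</b>.txt'];
send(reflect_json_after($sample));
// Raw-echo endpoint: send(reflect_raw_after(file_get_contents('php://input')));
```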