-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability stems from unsafe HTML construction in swatch creation. The pre-patch code used string concatenation with $('<li...title="' + name + '">') which allowed HTML injection. The fix moved to .attr('title', name) which properly handles escaping. This code was part of the swatch initialization process when handling user-provided color names, making this the vulnerable function.
JavaScriptJavaScript| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| @claviska/jquery-minicolors | npm | < 2.3.6 | 2.3.6 |
Ongoing coverage of React2Shell