
CVE-2022-0970: Stored Cross-site Scripting in grav

CVSS Score (v3.0)
7.1

Basic Information

EPSS Score
0.54749%
Published
3/16/2022
Updated
1/27/2023
KEV Status
No
Technology
PHP

Technical Details

CVSS Vector
CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Package Name
getgrav/grav
Ecosystem
composer
Vulnerable Versions
< 1.7.31
First Patched Version
1.7.31

Vulnerability Intelligence

Root Cause Analysis

The vulnerability stemmed from two gaps: 1) the file upload handler (`MediaUploadTrait`) performed no XSS check on SVG files before storing them, and 2) the XSS detection regex in `Security::detectXss` had a pattern matching flaw. The patch both added the XSS check to the upload workflow (via `FormFlashFile::checkXss`) and corrected the entity sanitization regex (`!(&#[0-9]+);?!u`), confirming these were the vulnerable points.
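As an added example (not Grav's or Miggo's code), the following hypothetical PHP upload gate shows the two defensive pieces the analysis names: numeric character references are normalised with the quoted regex and decoded before any pattern match, and the check runs before the SVG is written to disk. The function names, the indicator patterns and the sample SVGs are assumptions constructed here.

```php
<?php
// Added example, not Grav's code: a pre-storage XSS gate for uploaded SVGs.
// The entity regex is the one quoted in the root cause analysis; function names
// and indicator patterns are hypothetical. Requires PHP 7.1+.
declare(strict_types=1);
// Normalise numeric character references, then decode, so the match sees what a parser sees.
function decodeNumericEntities(string $s): string
{
    // Capture "&#NNN", consume an optional ";", re-emit exactly one ";":
    // html_entity_decode() only decodes references terminated by ";".
    $normalised = preg_replace('!(&#[0-9]+);?!u', '$1;', $s);
    return html_entity_decode($normalised, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}
// Indicators of active content in an SVG document (hypothetical list).
const SVG_ACTIVE_CONTENT = [
    '!<\s*script\b!iu',    // <script> element
    '!\bon[a-z]+\s*=!iu',  // event handler attribute such as onload=
    '!javascript\s*:!iu',  // javascript: URL in href / xlink:href
];
function detectSvgXss(string $svg): bool
{
    $decoded = decodeNumericEntities($svg);
    foreach (SVG_ACTIVE_CONTENT as $pattern) {
        if (preg_match($pattern, $decoded) === 1) {
            return true;
        }
    }
    return false;
}
// Upload gate: the check runs before anything is written; true when stored.
function storeSvgUpload(string $svg, string $destination): bool
{
    if (detectSvgXss($svg)) {
        return false;  // rejected, never reaches disk
    }
    return file_put_contents($destination, $svg) !== false;
}
// Constructed samples, keyed by what each contains.
$ns = 'xmlns="http://www.w3.org/2000/svg"';
$samples = [
    'benign'       => "<svg $ns><circle r=\"5\"/></svg>",
    'script tag'   => "<svg $ns><script>/* x */</script></svg>",
    'encoded href' => "<svg $ns><a href=\"&#106;avascript:void(0)\"><text>x</text></a></svg>",
    'no semicolon' => "<svg $ns><a href=\"&#106avascript:void(0)\"><text>x</text></a></svg>",
];
foreach ($samples as $name => $svg) {
    printf("%-12s flagged=%s\n", $name, detectSvgXss($svg) ? 'yes' : 'no');
}
```

The last two samples are the cases a plain substring search for `javascript:` would miss; only the benign sample should pass through storeSvgUpload().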


WAF Protection Rules

WAF Rule

Grav prior to 1.7.31 is vulnerable to stored cross-site scripting.
