Basic Information

CVSS Score: -
CVE ID: -
GHSA ID: -
EPSS Score: -
CWE: CWE-79
Published: -
Updated: -
KEV Status: -
Technology: -
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| francoisjacquet/rosariosis | composer | < 9.0 | 9.0 |
The commit diff shows a critical change from strpos to stripos in the URL sanitization logic. The original check was case-sensitive, so JavaScript handler patterns written with any non-lowercase characters were not removed, enabling stored XSS via crafted URLs. This function is directly responsible for neutralizing dangerous patterns in PHP_SELF values used during page generation, making it the root cause of the improper neutralization of input during web page generation (CWE-79).
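The following is an added illustration of the defect described above, written as a stand-alone PHP script; it is not code from the rosariosis project, and the function names, the pattern list and the sample URLs are constructed for the example. It runs the same blocklist stripper twice, once with the case-sensitive strpos (the "before" behaviour) and once with the case-insensitive stripos (the "after" behaviour), and checks which variant leaves a handler pattern in place.

```php
<?php
// Added example (not project code). Shows why a case-sensitive substring
// check is an insufficient sanitizer for URL fragments that are later
// written into a page, and how the case-insensitive variant closes the gap.

/** Constructed blocklist of substrings the sanitizer is meant to remove. */
const DANGEROUS_PATTERNS = [
    'javascript:', 'vbscript:', 'onload=', 'onerror=', 'onclick=', 'onmouseover=',
];

/**
 * Strip every occurrence of each dangerous pattern, using the supplied
 * search function ('strpos' or 'stripos'). Repeats until nothing changes,
 * so a removal that joins two halves into a new match is caught as well.
 */
function strip_dangerous_patterns(string $url, callable $finder): string
{
    do {
        $before = $url;
        foreach (DANGEROUS_PATTERNS as $pattern) {
            while (($pos = $finder($url, $pattern)) !== false) {
                $url = substr($url, 0, $pos) . substr($url, $pos + strlen($pattern));
            }
        }
    } while ($url !== $before);
    return $url;
}

/** "Before" behaviour: case-sensitive search (hypothetical name). */
function sanitize_url_before(string $url): string
{
    return strip_dangerous_patterns($url, 'strpos');
}

/** "After" behaviour: case-insensitive search (hypothetical name). */
function sanitize_url_after(string $url): string
{
    return strip_dangerous_patterns($url, 'stripos');
}

/** True when no dangerous pattern remains, compared case-insensitively. */
function is_neutralized(string $url): bool
{
    foreach (DANGEROUS_PATTERNS as $pattern) {
        if (stripos($url, $pattern) !== false) {
            return false;
        }
    }
    return true;
}

// Constructed sample inputs: a benign path, a lowercase handler that both
// versions strip, and a mixed-case handler that only stripos strips.
$samples = [
    '/Modules.php?modname=Students/Student.php',
    '/Modules.php?x=javascript:void(0)',
    '/Modules.php?x=JavaScript:void(0)',
];

foreach ($samples as $url) {
    printf(
        "%-45s before: %-4s after: %s\n",
        $url,
        is_neutralized(sanitize_url_before($url)) ? 'ok' : 'LEAK',
        is_neutralized(sanitize_url_after($url)) ? 'ok' : 'LEAK'
    );
}

// Regardless of the stripper, a value that ends up inside an HTML attribute
// should still be output-encoded at the point of use.
echo htmlspecialchars(sanitize_url_after($samples[2]), ENT_QUOTES, 'UTF-8'), "\n";
```

The third sample is the case the commit fixes: with strpos the mixed-case handler survives the sanitizer, with stripos it is removed. The closing line illustrates the complementary control a reviewer would look for in the same code path: a substring blocklist is a fragile defence on its own, so any PHP_SELF-derived value written into generated HTML should also pass through htmlspecialchars (or an equivalent context-aware encoder) at output time.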