-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability stemmed from improper input sanitization sequence in the Balance model's validation logic. The test() method originally validated the codbalance field with a regex check before applying HTML escaping, creating an XSS vector through validation error messages. The patch fixed this by moving the noHtml() sanitization to occur before validation. The unit tests added in the commit specifically verify HTML escaping behavior, confirming the pre-patch vulnerability in field handling.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| facturascripts/facturascripts | composer | <= 2022.08 |
PHPPHPOngoing coverage of React2Shell