-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability stems from unescaped user input in login error messages. The commit diff shows the vulnerability was patched by adding htmlspecialchars() around the $nick variable in AppController::userAuth. This function handles authentication and directly used user-controlled input (fsNick parameter) in a warning message without proper output encoding, making it the clear injection point for reflected XSS attacks when rendering error messages to users.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| facturascripts/facturascripts | composer | < 2022.06 | 2022.06 |
PHPPHP