The key vulnerability stems from the `temp` function handling user input (`val`) without adequate sanitization. The patch adds `val = (val || '').trim()`, indicating that the input was previously not cleansed. Because this function directly modifies CSS rules applied to the document, unescaped input could lead to script execution via CSS injection vectors (e.g., `javascript:` URIs or `expression()` in legacy browsers). The CWE-79 classification and the nature of the fix (added sanitization) strongly point to this function as the vulnerable entry point.
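To make the point about user input reaching CSS rules concrete, the following added example (not code from microweber or from this advisory) compares trim-style normalisation with an allow-list check on a value before it is written into a rule. All function names and the sample inputs are hypothetical and constructed for illustration.

```javascript
// Added example. Function names are hypothetical, not microweber's.

// Normalisation in the style of the patch line quoted above.
// String() is added here so non-string input cannot throw on .trim().
function normalizeOnly(val) {
  return String(val || '').trim();
}

// Characters needed for colours, lengths and keywords. Quotes, colons,
// semicolons, braces, angle brackets, slashes and backslashes are excluded.
const ALLOWED_CHARS = /^[a-z0-9#%.,()\s+-]+$/i;
const ALLOWED_FUNCS = new Set(['rgb', 'rgba', 'hsl', 'hsla']);

// Returns the cleaned value, or null when it must not reach a stylesheet.
function safeCssValue(val) {
  const v = normalizeOnly(val);
  if (v === '' || v.length > 100 || !ALLOWED_CHARS.test(v)) return null;
  // Every "(" must be preceded by an allow-listed function name.
  for (const m of v.matchAll(/([a-z0-9-]*)\s*\(/gi)) {
    if (!ALLOWED_FUNCS.has(m[1].toLowerCase())) return null;
  }
  return v;
}

// Selector and property come from the caller's code, never from user input.
function buildRule(selector, property, val) {
  const v = safeCssValue(val);
  if (v === null) throw new Error('rejected CSS value');
  return `${selector} { ${property}: ${v}; }`;
}

// Constructed sample inputs: three ordinary values, then three that
// trimming alone passes through unchanged.
const SAMPLES = [
  '  #ff0000 ', 'rgb(10, 20, 30)', '12px',
  'expression(1)', 'url(javascript:void(0))', 'red; } .other { color: blue',
];

// Per input: what trimming yields and whether the allow-list accepts it.
function audit(samples) {
  return samples.map((input) => ({
    input,
    trimmed: normalizeOnly(input),
    accepted: safeCssValue(input) !== null,
  }));
}

console.table(audit(SAMPLES));
```

In a browser, passing the validated value to `element.style.setProperty` instead of concatenating rule text also removes the possibility of the value closing the rule early.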
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| microweber/microweber | composer | <= 1.2.17 | |