-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI
JavaScriptJavaScript| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| mobiledoc-kit | npm | < 0.14.2 | 0.14.2 |
Miggo AIRoot Cause AnalysisThe key evidence is the dependency upgrade from mobiledoc-dom-renderer@0.7.1 to 0.7.2 in the patch. Since the CVE describes a reflected XSS vulnerability and mobiledoc-dom-renderer handles raw HTML rendering, the vulnerability likely existed in its DOM construction logic. The patch specifically updates this critical dependency without modifying mobiledoc-kit's own codebase, indicating the vulnerability resided in the renderer's handling of untrusted input during HTML element creation.
Ongoing coverage of React2Shell