| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| ZKEACMS.Publisher | nuget | <= 2.0.0 | |

The core vulnerability stems from unsanitized user input in navigation entity operations. The pre-patch code in `NavigationService.cs` lacked HTML sanitization for `Title` and `Html` fields during Add/Update operations. The commit adds sanitization via `IHtmlSanitizer` specifically to these methods, confirming they were the injection points. While the CVE mentions `ParentID` parameter, the actual vulnerable fields (`Title`/`Html`) are explicitly sanitized in the patch, indicating these functions processed untrusted data before sanitization was implemented.
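The fix pattern described above, as an added example that is not the ZKEACMS source: a simplified service that sanitizes `Title` and `Html` through one shared helper on both write paths. `NavigationEntity`, `NavigationService`, the in-memory store and the sample input are hypothetical stand-ins, and the sanitizer is assumed to be the `IHtmlSanitizer` from the HtmlSanitizer NuGet package (`Ganss.Xss`).

```csharp
// Added illustration; these types are simplified stand-ins, not project code.
// Assumes the HtmlSanitizer NuGet package (namespace Ganss.Xss).
using System;
using System.Collections.Generic;
using Ganss.Xss;

public class NavigationEntity
{
    public string ID { get; set; }
    public string ParentID { get; set; }
    public string Title { get; set; }
    public string Html { get; set; }
}

public class NavigationService
{
    private readonly IHtmlSanitizer _sanitizer;
    private readonly Dictionary<string, NavigationEntity> _store = new();

    public NavigationService(IHtmlSanitizer sanitizer) => _sanitizer = sanitizer;

    // Single choke point: Add and Update both call this, so a new write
    // path cannot store the fields without going through the sanitizer.
    private void SanitizeFields(NavigationEntity item)
    {
        item.Title = item.Title == null ? null : _sanitizer.Sanitize(item.Title);
        item.Html = item.Html == null ? null : _sanitizer.Sanitize(item.Html);
    }

    public void Add(NavigationEntity item) { SanitizeFields(item); _store[item.ID] = item; }
    public void Update(NavigationEntity item) { SanitizeFields(item); _store[item.ID] = item; }
    public NavigationEntity Get(string id) => _store[id];
}

public static class Demo
{
    public static void Main()
    {
        var service = new NavigationService(new HtmlSanitizer());
        // Constructed input: a script element in Title, an event handler in Html.
        var item = new NavigationEntity { ID = "1", ParentID = "#",
            Title = "Home<script>alert(1)</script>",
            Html = "<a href=\"/\" onclick=\"alert(1)\">Home</a>" };
        service.Add(item);
        Console.WriteLine(service.Get("1").Title); // stored value, after sanitization
        Console.WriteLine(service.Get("1").Html);
    }
}
```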