| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| subhh/libconnect | composer | < 7.0.8 | 7.0.8 |
| subhh/libconnect | composer | >= 8.0.0, < 8.1.0 | 8.1.0 |

The commit diff shows added validation for the `jourid` parameter and a static error message. Prior to this fix, the extension likely passed unvalidated user input (`jourid`) directly into error messages. The template (`DisplayError.html`) outputs the error variable, so any script injected through that unescaped input would execute when the error page is rendered. The combination of missing input validation and direct output in templates creates an XSS vector.