CVSS Score: -

Basic Information

CVE ID: -
GHSA ID: -
EPSS Score: -
CWE: -
Published: -
Updated: -
KEV Status: -
Technology: -
The vulnerability stems from the charset being passed to Spoon::setCharset in a non-lowercase form, as shown in the commit diff. The patch explicitly normalises the charset with strtolower before passing it on, indicating that the original code did not enforce this requirement. This misconfiguration disabled SpoonLibrary's XSS protections, enabling stored XSS via unsanitized parameters such as 'start_date'. The defineForkConstants method in Kernel.php is directly responsible for the insecure configuration.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| forkcms/forkcms | composer | < 5.11.0 | 5.11.0 |