The patch adds htmlspecialchars() and a regex-based validity check to the slug value in the checkValidity method of UrlSlug.php. Before the fix, that method stored the slug without sanitizing it, so a slug containing HTML or script markup was persisted and later rendered unescaped, which is a stored XSS. The accompanying changes to the JavaScript validator (urlSlug.js) tighten client-side validation, but client-side checks are trivially bypassed by submitting the request directly; the server-side PHP method is the root cause of the unsanitized storage and the part of the patch that actually closes the issue.
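To make the before/after concrete, the following PHP is an added illustration written for this page, not Pimcore's code and not the actual contents of UrlSlug.php. It contrasts a slug setter that stores input verbatim with one that applies a server-side allow-list regex and escapes the value with htmlspecialchars() on output. The regex, the function names and the sample payloads are assumptions chosen to show the pattern the advisory describes (requires PHP 8 for str_contains/str_ends_with).

```php
<?php
declare(strict_types=1);

// Added example, not Pimcore's code. Demonstrates the vulnerable pattern
// (unsanitized slug stored and rendered) beside the hardened pattern
// (regex allow-list on the server plus htmlspecialchars() at output).

final class SlugValidationException extends InvalidArgumentException {}

/**
 * Vulnerable pattern: the slug is accepted exactly as submitted.
 * Whatever the client sends, including markup, is stored and later echoed.
 */
function storeSlugUnsafe(string $slug): string
{
    return $slug; // no validation, no escaping
}

/** Vulnerable rendering: the stored slug is interpolated straight into HTML. */
function renderSlugLinkUnsafe(string $slug): string
{
    return sprintf('<a href="%s">%s</a>', $slug, $slug);
}

/**
 * Hardened pattern: reject anything that is not a plain URL path, then
 * escape on output so even an allowed character such as "&" cannot break
 * out of an attribute or text node.
 */
function checkSlugValidity(string $slug): string
{
    // Hypothetical allow-list (assumption, not the Pimcore regex):
    // must start with "/" and contain only letters, digits, "/", "-", "_" and ".".
    if (!preg_match('~^/[A-Za-z0-9/_.\-]*$~', $slug)) {
        throw new SlugValidationException(
            'Invalid slug: ' . htmlspecialchars($slug, ENT_QUOTES | ENT_HTML5, 'UTF-8')
        );
    }
    // Defence in depth: the allow-list permits ".", so reject traversal segments explicitly.
    if (str_contains($slug, '/../') || str_ends_with($slug, '/..') || str_contains($slug, '//')) {
        throw new SlugValidationException('Invalid slug: traversal or empty path segment');
    }
    return $slug;
}

/** Hardened rendering: always escape, regardless of what validation did. */
function renderSlugLink(string $slug): string
{
    $escaped = htmlspecialchars($slug, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return sprintf('<a href="%s">%s</a>', $escaped, $escaped);
}

// Constructed sample inputs: one benign slug and three hostile ones.
$payloads = [
    '/products/summer-sale',
    '/"><img src=x onerror=alert(1)>',
    '/news/<script>alert(document.domain)</script>',
    '/a/../../admin',
];

foreach ($payloads as $payload) {
    echo "Input:    {$payload}\n";
    echo 'Unsafe:   ' . renderSlugLinkUnsafe(storeSlugUnsafe($payload)) . "\n";
    try {
        echo 'Hardened: ' . renderSlugLink(checkSlugValidity($payload)) . "\n";
    } catch (SlugValidationException $e) {
        echo 'Hardened: rejected (' . $e->getMessage() . ")\n";
    }
    echo "\n";
}
```

Run it with `php slug_check.php`. The point to take from the output is that the unsafe path emits the injected `<img>` and `<script>` markup intact, while the hardened path rejects those slugs at validation time and, for anything that does pass, still escapes on output. Validation and output escaping are separate controls; the regex alone would not protect a template that later renders the slug unescaped, and escaping alone would still allow odd slugs to be stored, so the fix described above applies both.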
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| pimcore/pimcore | composer | < 1.5.17 | 1.5.17 |