-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIA Semantic Attack on Google Gemini - Read the Latest Research
A Semantic Attack on Google Gemini - Read the Latest Research
Miggo AI
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| pimcore/pimcore | composer | < 11.0.0 | 11.0.0 |
Miggo AIRoot Cause AnalysisThe vulnerability stemmed from three key components:
Though the UI component (addMetaData function) was part of the attack surface, the actual XSS execution occurred in DocumentMetaDataListener where user-controlled HTML was injected into the page without escaping. The removal of this listener and associated metadata handling in the patch confirms these were the vulnerable points. The high confidence comes from the direct evidence in the patch diff showing removal of unsanitized output handling.