CVSS Score

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| thorsten/phpmyfaq | composer | < 3.1.12 | 3.1.12 |

The vulnerability stems from unescaped output of user-controlled data in the UserHelper class. The affected function builds HTML `<select>` options from user-provided display names, so a display name containing markup is written into the page as-is, which makes it a clear injection point. The patch wraps the display_name value in Strings::htmlentities() before it is emitted, confirming that missing output encoding was the root cause. The commit consists of this single change and directly addresses this specific XSS vector.
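The pattern described above, as a constructed example rather than phpMyFAQ's own code: a helper that renders user display names into `<option>` elements without encoding, beside the hardened form. phpMyFAQ's fix uses its own Strings::htmlentities() wrapper; here PHP's built-in htmlspecialchars() stands in, and the user records are made up for the demonstration.

```php
<?php
declare(strict_types=1);

// Constructed user records (not real data): one display name carries HTML tags,
// another carries quotes, as a user could set through a profile form.
$users = [
    ['user_id' => 1, 'display_name' => 'Alice'],
    ['user_id' => 2, 'display_name' => '<b>Carol</b>'],
    ['user_id' => 3, 'display_name' => 'Bob "the builder"'],
];

// Vulnerable pattern: display_name is concatenated into the option text with no
// encoding, so '<', '>' and quotes reach the browser as markup, not as text.
function buildOptionsUnescaped(array $users, int $selected): string
{
    $html = '';
    foreach ($users as $u) {
        $sel = $u['user_id'] === $selected ? ' selected' : '';
        $html .= sprintf('<option value="%d"%s>%s</option>', $u['user_id'], $sel, $u['display_name']);
    }
    return $html;
}

// Hardened pattern: encode for the HTML context before concatenation. ENT_QUOTES
// covers both quote styles so the same helper stays safe if the value is later
// reused inside an attribute; ENT_SUBSTITUTE avoids returning '' on bad UTF-8.
function buildOptionsEscaped(array $users, int $selected): string
{
    $html = '';
    foreach ($users as $u) {
        $sel  = $u['user_id'] === $selected ? ' selected' : '';
        $name = htmlspecialchars($u['display_name'], ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
        $html .= sprintf('<option value="%d"%s>%s</option>', $u['user_id'], $sel, $name);
    }
    return $html;
}

// Self-check: raw tags survive in the unescaped output and are neutralised in the escaped one.
$unsafe = buildOptionsUnescaped($users, 1);
$safe   = buildOptionsEscaped($users, 1);
assert(str_contains($unsafe, '<b>Carol</b>'));
assert(!str_contains($safe, '<b>'));
assert(str_contains($safe, '&lt;b&gt;Carol&lt;/b&gt;'));
assert(str_contains($safe, '&quot;the builder&quot;'));
echo $safe, PHP_EOL;
```

A grep for string concatenation or sprintf() of user-sourced fields into HTML, with no encoding call on the same line, is a cheap way to find further instances of the same pattern in a code base.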