-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability stems from unescaped output of user-controlled data (email and category name) in the admin interface. The patch explicitly adds Strings::htmlentities() to these variables, confirming that their raw output was the root cause. Both instances directly inject data into HTML contexts without sanitization, meeting the criteria for stored XSS.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| thorsten/phpmyfaq | composer | < 3.1.13 | 3.1.13 |
PHPPHPKEV Misses 88% of Exploited CVEs- Get the report