-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability stems from improper HTML sanitization in Redactor field handling. Key evidence includes: 1) The PoC requires manipulating Redactor field content through DOM inspection 2) HTML payloads persist in storage and render unsafely 3) CWE-79 classification indicates output encoding failure. While exact code isn't available, Craft CMS's template engine (Twig) typically requires explicit unsafe output (|raw), making template rendering the primary suspect. The medium confidence in Field.php methods stems from the requirement that server-side field handling must have allowed HTML persistence despite UI restrictions.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| craftcms/cms | composer | <= 4.4.9 |
A Semantic Attack on Google Gemini - Read the Latest Research