The patch adds critical HTML entity replacements in simplePurifier and fixes data attribute checks in fieldDomPurifierLoop. Pre-patch versions failed to properly sanitize alternative HTML entity encodings and had flawed logic for identifying fields needing purification. The vulnerability manifests in input handling functions where user-controlled data wasn't adequately neutralized before DOM insertion.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| nilsteampassnet/teampass | composer | < 3.0.10 | 3.0.10 |