-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI
PHPPHP| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| nilsteampassnet/teampass | composer | < 3.0.10 | 3.0.10 |
Miggo AIRoot Cause AnalysisThe key vulnerability stemmed from improper input sanitization in the session extension feature. The commit shows the XSS fix specifically targeted the showExtendSession function by replacing direct .val() usage with a sanitization wrapper. While other input fields in options.php were hardened by switching to type='number', these represent HTML form improvements rather than vulnerable functions. The showExtendSession function's direct use of unsanitized user input in JavaScript execution context (via IncreaseSessionTime) provides a clear XSS vector that matches the CWE-79 description.
Ongoing coverage of React2Shell