The vulnerability stems from improper output encoding in the link editable's rendering logic. The key evidence is in the patch diff:

- The moved `displayHtml` initialization with `htmlEncode(text)`
- The changed return statement, from the raw `text` to the encoded `displayHtml`

This indicates the original implementation returned user-controlled input (path, parameters, anchor) without proper HTML encoding when generating link text. Attackers could craft malicious values that execute scripts when rendered in a victim's browser.
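As an added illustration (not Pimcore's own code), the JavaScript below models the before/after behaviour the patch evidence describes: a link-text renderer that returns the raw, user-controlled text versus one that returns the `htmlEncode`'d `displayHtml`. The function names, the `htmlEncode` implementation and the link object's `path`/`parameters`/`anchor` fields are assumptions chosen to mirror the description above.

```javascript
// Added example, not Pimcore's code. Models the bug class described in the
// advisory: link text built from user-controlled fields reaching the DOM as HTML.

// Encode the five characters that can break out of text or attribute context.
// (Assumed helper; stands in for the htmlEncode the patch calls.)
function htmlEncode(text) {
  return String(text)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Assemble the human-readable link text from the editable's stored fields.
// All three fields are attacker-influenced in the scenario the advisory describes.
function linkText(link) {
  let text = link.path || "";
  if (link.parameters) text += "?" + link.parameters;
  if (link.anchor) text += "#" + link.anchor;
  return text;
}

// "Before": the raw text is returned and later assigned to innerHTML by the UI,
// so any markup in path/parameters/anchor is parsed as HTML.
function renderLinkTextVulnerable(link) {
  const text = linkText(link);
  return text;
}

// "After": encode once, up front, and return only the encoded displayHtml.
function renderLinkTextFixed(link) {
  const text = linkText(link);
  const displayHtml = htmlEncode(text);
  return displayHtml;
}

// Simple output check a reviewer can apply to any rendered link text:
// an encoded string must not contain a tag-like "<x" sequence.
function containsRawTag(html) {
  return /<[a-z!/]/i.test(html);
}

// Constructed sample input: an anchor field carrying script markup.
const sampleLink = {
  path: "/about",
  parameters: "lang=en",
  anchor: "<script>x()</script>",
};
```

Running `renderLinkTextVulnerable(sampleLink)` yields a string that `containsRawTag` flags, while `renderLinkTextFixed(sampleLink)` yields only entity-encoded text.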
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| pimcore/pimcore | composer | < 10.6.4 | 10.6.4 |