Basic Information

- CVSS Score: -
- CVE ID: -
- GHSA ID: -
- EPSS Score: -
- CWE: -
- Published: -
- Updated: -
- KEV Status: -
- Technology: -
The vulnerability manifests in the installation process's database connection handling, where the user-supplied 'uid' parameter is reflected unsafely. Although the exact code is not available, the POC demonstrates payload reflection during installation, and CMS installation workflows typically have controller functions that handle connection parameters. The lack of output encoding for the 'uid' parameter in an HTML context matches the described XSS behavior.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| evolutioncms/evolution | composer | <= 3.2.3 | - |