The XSS occurs during installation, when user-supplied parameters (dbhost, dbname, etc.) are reflected in the interface without proper sanitization. The exact code isn't available, but installation workflows typically (1) process form inputs in a controller, (2) pass the values to templates, and (3) render confirmation pages. The vulnerability pattern matches missing output encoding in these two layers. High confidence comes from the consistent parameter specificity in reports and from standard CMS installation patterns.
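
The missing-encoding pattern described above, shown as an added PHP example that is not Subrion's code and not part of the original advisory. Only the dbhost and dbname parameter names come from the text; the function names, markup and validation rules are assumptions.

```php
<?php
// Hypothetical installer confirmation step; not Subrion's actual code.
// Only the field names dbhost/dbname come from the advisory text.

/** Encode a value for HTML text and quoted-attribute contexts. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** "Before" pattern: request values reflected into markup unencoded. */
function renderConfirmUnsafe(array $in): string
{
    return '<input name="dbhost" value="' . ($in['dbhost'] ?? '') . '">'
         . '<p>Database: ' . ($in['dbname'] ?? '') . '</p>';
}

/** "After" pattern: every reflected value is encoded at the output layer. */
function renderConfirmSafe(array $in): string
{
    return '<input name="dbhost" value="' . e((string)($in['dbhost'] ?? '')) . '">'
         . '<p>Database: ' . e((string)($in['dbname'] ?? '')) . '</p>';
}

/** Controller-layer check: reject values that cannot be a host or schema name. */
function validateInstallInput(array $in): array
{
    $errors = [];
    if (!preg_match('/^[A-Za-z0-9.\-:\[\]]{1,255}$/', (string)($in['dbhost'] ?? ''))) {
        $errors[] = 'dbhost';
    }
    if (!preg_match('/^[A-Za-z0-9_$]{1,64}$/', (string)($in['dbname'] ?? ''))) {
        $errors[] = 'dbname';
    }
    return $errors;
}

// Constructed sample input with harmless markup to make the difference visible.
$sample = ['dbhost' => 'localhost"><b>x</b>', 'dbname' => '<i>cms</i>'];

echo renderConfirmUnsafe($sample), "\n"; // markup breaks out of the attribute
echo renderConfirmSafe($sample), "\n";   // markup is rendered as inert text
print_r(validateInstallInput($sample));  // both fields are rejected
```

Input validation in the controller narrows what reaches the template, but the output encoding is what closes the reflection, so it should stay in place even where validation exists.
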
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| intelliants/subrion | composer | <= 4.2.1 | |