CVSS Score: -

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| baserproject/basercms | composer | < 5.0.9 | 5.0.9 |
The vulnerability stems from output encoding being disabled on the form input fields that echo search queries. The commit diff shows the removal of the `'escape' => false` option from the `BcForm->control()` and `BcBaser->formControl()` calls that render the `q` parameter. That option explicitly turned off HTML entity encoding of the field's attributes, so a crafted search string could break out of the `value` attribute and inject markup (XSS). The advisory confirms the fix is simply to drop the option so the helper's default escaping applies again.
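To make the effect of that option concrete, here is an added example (not baserCMS or CakePHP code). `formatAttributes()` and `renderSearchInput()` are hypothetical stand-ins that mimic how a form helper builds an `<input>` tag, with the `$escape` flag playing the role of the `'escape' => false` option; `valueRoundTrips()` is a regression check a maintainer could keep after the fix. The query string is constructed for the example.

```php
<?php
declare(strict_types=1);

// Added example, not baserCMS or CakePHP code. formatAttributes() and
// renderSearchInput() are hypothetical stand-ins for a form helper; the
// $escape flag corresponds to the 'escape' => false option in the advisory.

function formatAttributes(array $attrs, bool $escape = true): string
{
    $parts = [];
    foreach ($attrs as $name => $value) {
        // Default behaviour: encode &, <, >, " and ' so the value can neither
        // terminate the attribute nor open a new tag.
        $rendered = $escape
            ? htmlspecialchars((string)$value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
            : (string)$value;
        $parts[] = sprintf('%s="%s"', $name, $rendered);
    }
    return implode(' ', $parts);
}

function renderSearchInput(string $q, bool $escape = true): string
{
    return '<input type="text" name="q" ' . formatAttributes(['value' => $q], $escape) . '>';
}

// Regression check: parse the rendered tag back with a real HTML parser and
// confirm a browser would see exactly one input whose value is the original
// query. If encoding was skipped, the quote in $q splits the attribute and the
// round trip fails.
function valueRoundTrips(string $html, string $expected): bool
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);
    $doc->loadHTML('<!DOCTYPE html><html><body>' . $html . '</body></html>');
    libxml_clear_errors();
    $inputs = $doc->getElementsByTagName('input');
    if ($inputs->length !== 1) {
        return false;
    }
    return $inputs->item(0)->getAttribute('value') === $expected;
}

// Constructed query containing the characters that must be encoded.
$q = 'Tom & Jerry "special" <offer>';

$vulnerable = renderSearchInput($q, false); // what 'escape' => false produced
$fixed      = renderSearchInput($q, true);  // helper default after the patch

echo $vulnerable, PHP_EOL;
echo $fixed, PHP_EOL;
var_dump(valueRoundTrips($vulnerable, $q));
var_dump(valueRoundTrips($fixed, $q));

// In a baserCMS template the difference is only the presence of the option
// (illustrative calls, not taken from the project's templates):
//   $this->BcForm->control('q', ['type' => 'text', 'value' => $q, 'escape' => false]); // vulnerable
//   $this->BcForm->control('q', ['type' => 'text', 'value' => $q]);                    // patched
```

Running the script with `php` prints the two rendered tags followed by the two round-trip results; the unescaped rendering fails the check because the parser sees a truncated `value` attribute, while the escaped rendering reproduces the query exactly. A check of this shape, run over the templates that render `q`, is a cheap way to catch the option being reintroduced.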