CVSS Score: -

Basic Information
CVE ID: -
GHSA ID: -
EPSS Score: -
CWE: -
Published: -
Updated: -
KEV Status: -
Technology: -
The vulnerability is a stored XSS via the report title field. An attacker injects a payload into the title when creating a report, and the payload executes whenever that title is rendered. This implies two points of failure: (1) input handling when the report is saved (no sanitization) and (2) output rendering (no escaping). The ReporticoAdmin class is central to admin operations, and functions such as saveReport() (input processing) and display() (output rendering) are the most probable candidates. No code is provided for this issue, but the attack vector and Reportico's structure strongly suggest these functions are involved.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| reportico-web/reportico | composer | <= 7.1.21 | - |