CVSS Score

The vulnerability stems from missing HTML entity encoding when configuration values are rendered. The patch adds Strings::htmlentities() to two output locations in renderInputForm.

Those unescaped outputs in the admin interface allowed DOM XSS via malicious configuration values. Inserting raw values directly into HTML attributes without context-aware escaping is the classic XSS pattern described in CWE-79.
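To make the pattern concrete, here is an added PHP example that is not phpMyFAQ's code: the unescaped attribute rendering the advisory describes side by side with the entity-encoded form, plus a small check that tells whether a rendered attribute still holds exactly the value it was given. The function names, the setting name `example.setting`, and the sample values are constructed; PHP's native `htmlentities()` is used as a stand-in for the project's `Strings::htmlentities()` wrapper, whose exact signature this page does not show.

```php
<?php
// Added example, not phpMyFAQ's code. Demonstrates the advisory's pattern:
// a configuration value dropped raw into an HTML attribute (vulnerable)
// next to the same output with HTML entity encoding applied (hardened).

declare(strict_types=1);

// Vulnerable pattern: the value is concatenated into the attribute unescaped,
// so a quote or angle bracket in the value changes the markup structure.
function renderInputVulnerable(string $name, string $value): string
{
    return '<input type="text" name="' . $name . '" value="' . $value . '">';
}

// Hardened pattern: encode &, <, >, " and ' before the value reaches the
// attribute. ENT_QUOTES covers both quote styles; the charset is explicit.
// Native htmlentities() stands in here for Strings::htmlentities() (assumption).
function renderInputSafe(string $name, string $value): string
{
    $enc = static fn(string $s): string => htmlentities($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<input type="text" name="' . $enc($name) . '" value="' . $enc($value) . '">';
}

// Defensive check: the value attribute must still decode to exactly the raw
// value that was rendered. If the value closed the attribute early, the
// captured text will differ and the check fails.
function attributeIsIntact(string $html, string $rawValue): bool
{
    // Simple regex is sufficient for the single-attribute shape used above.
    if (!preg_match('/value="([^"]*)"/', $html, $m)) {
        return false;
    }
    return html_entity_decode($m[1], ENT_QUOTES | ENT_HTML5, 'UTF-8') === $rawValue;
}

// Constructed sample values: one ordinary setting containing quotes and an
// ampersand, and one that tries to close the attribute and inject a tag.
$benign    = 'Tom & Jerry\'s "FAQ"';
$malicious = '"><b>injected</b><input value="';

foreach ([$benign, $malicious] as $value) {
    $vuln = renderInputVulnerable('example.setting', $value);
    $safe = renderInputSafe('example.setting', $value);
    printf("raw:    %s\n", $value);
    printf("unsafe: %s  intact=%s\n", $vuln, attributeIsIntact($vuln, $value) ? 'yes' : 'no');
    printf("safe:   %s  intact=%s\n\n", $safe, attributeIsIntact($safe, $value) ? 'yes' : 'no');
}
```

Run it with `php example.php`: both values fail the intact check through the vulnerable renderer (even the benign one, because its double quotes end the attribute), and both pass through the hardened one. The point for reviewers is that escaping must be chosen for the output context (an attribute here), not for whether a value looks suspicious.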
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| thorsten/phpmyfaq | composer | < 3.1.18 | 3.1.18 |