CVSS Score

The patch shows critical XSS prevention measures:

1. In CartManager.php, added title validation and a fallback value to prevent empty or malicious titles.
2. In OrderManager.php, added recursive strip_tags and xss_clean over all order data.

The accompanying test (CustomerCheckoutTest.php) explicitly exercises XSS payloads in customer fields, confirming these were attack vectors. The CWE-79 alignment and the direct sanitization additions in the commit demonstrate these functions were vulnerable pre-patch.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| microweber/microweber | composer | < 2.0.0 | 2.0.0 |