CVSS Score

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| thorsten/phpmyfaq | composer | < 3.2.1 | 3.2.1 |

The vulnerability stems from the 'question' field of FAQ entries being output without HTML escaping. The patch wraps $row->question in Strings::htmlentities() inside renderRecordsByCategoryId, which identifies that call as the missing output encoding. Because that function renders user-supplied content into HTML, emitting the field without encoding matches the XSS vulnerability pattern. The direct correspondence between the vulnerability description, the CWE-79 classification and the specific code change gives high confidence in this assessment.
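To make the before/after concrete, the following is an added illustration in PHP, not phpMyFAQ's own code: a stand-in for renderRecordsByCategoryId() that emits $row->question raw beside the same renderer with the field HTML-encoded before it reaches the markup. The helper names, the row shape and the sample rows are constructed, and PHP's built-in htmlspecialchars() stands in for the project's Strings::htmlentities() wrapper.

```php
<?php
// Added illustration, not phpMyFAQ's own code. renderRecordsUnescaped() mimics the
// vulnerable renderer; renderRecordsEscaped() mimics the 3.2.1 fix, using the built-in
// htmlspecialchars() with ENT_QUOTES in place of the project's Strings::htmlentities().
declare(strict_types=1);

/** Constructed FAQ rows shaped like what the renderer receives from the database. */
function constructedRows(): array
{
    return [
        (object) ['id' => 1, 'question' => 'How do I reset my password?'],
        // Constructed sample standing in for markup stored in the question field.
        (object) ['id' => 2, 'question' => '<script>alert(1)</script> "q" & \'s\''],
    ];
}

/** Vulnerable form (CWE-79): the question is interpolated into HTML unescaped. */
function renderRecordsUnescaped(array $rows): string
{
    $html = '';
    foreach ($rows as $row) {
        $html .= sprintf('<li><a href="?id=%d">%s</a></li>', $row->id, $row->question);
    }
    return $html;
}

/** Hardened form: identical output, but the user-controlled field is encoded first. */
function renderRecordsEscaped(array $rows): string
{
    $html = '';
    foreach ($rows as $row) {
        // ENT_QUOTES encodes both quote styles so the value is also safe inside attributes.
        $safe = htmlspecialchars($row->question, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $html .= sprintf('<li><a href="?id=%d">%s</a></li>', $row->id, $safe);
    }
    return $html;
}

/** Check: no angle bracket, quote or ampersand from the field survives into the markup. */
function questionIsEncoded(string $html): bool
{
    return !str_contains($html, '<script>')
        && str_contains($html, '&lt;script&gt;alert(1)&lt;/script&gt; &quot;q&quot; &amp; &#039;s&#039;');
}

echo renderRecordsUnescaped(constructedRows()), PHP_EOL; // raw <script> reaches the page
echo renderRecordsEscaped(constructedRows()), PHP_EOL;   // entities only
var_dump(questionIsEncoded(renderRecordsEscaped(constructedRows()))); // bool(true)
```

Note that the encoding is applied at the output boundary rather than on input, which is the property the patch restores: stored data stays as entered, and every render path that emits it must encode it.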