Basic Information

| Field | Value |
|---|---|
| CVSS Score | - |
| CVE ID | - |
| GHSA ID | - |
| EPSS Score | - |
| CWE | - |
| Published | - |
| Updated | - |
| KEV Status | - |
| Technology | - |
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| pimcore/pimcore | composer | < 11.1.0 | 11.1.0 |
The vulnerability stems from missing sanitization checks during PDF processing. The patch introduced a checkIfPdfContainsJS() function and a scan_pdf configuration option to detect JavaScript embedded in PDFs. In prior versions, the vulnerable functions (processPageCount in Document.php and processDocument in AssetUpdateTasksHandler.php) handled PDF assets without these checks, so a PDF containing JavaScript could be stored as an asset and lead to stored XSS when that content was served. The high confidence rating comes from the direct correlation between the checks the patch adds and the functions it modifies to call them.
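To make concrete what a "does this PDF contain JavaScript" check has to cope with, here is an added Python example. It is not pimcore's checkIfPdfContainsJS() (that implementation is not shown on this page) and makes two assumptions of its own: that the markers worth flagging are the PDF name objects /JavaScript and /JS, and that the sample PDFs below, which are constructed for this example, are representative. It goes beyond a plain substring search in two ways a scanner has to handle: PDF names may hex-escape characters (/Java#53cript is the same name as /JavaScript), and objects may live inside FlateDecode-compressed streams.

```python
import re
import zlib

# Constructed sample PDFs for this example (not fixtures from the pimcore project).
CLEAN_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
    b"2 0 obj\n<< /Type /Pages /Kids [] /Count 0 >>\nendobj\n"
    b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"
)
JS_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog /OpenAction << /S /JavaScript /JS (app.alert(1)) >> >>\nendobj\n"
    b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"
)
# Same action, but the names are hex-escaped: /Java#53cript is the PDF name /JavaScript.
ESCAPED_JS_PDF = JS_PDF.replace(b"/JavaScript", b"/Java#53cript").replace(b"/JS ", b"/J#53 ")


def _flate_stream_obj(num: int, body: bytes) -> bytes:
    """Wrap `body` in a FlateDecode-compressed stream object (constructed helper)."""
    compressed = zlib.compress(body)
    header = b"%d 0 obj\n<< /Type /ObjStm /Filter /FlateDecode /Length %d >>\nstream\n" % (
        num,
        len(compressed),
    )
    return header + compressed + b"\nendstream\nendobj\n"


# Same action again, this time hidden inside a compressed object stream.
COMPRESSED_JS_PDF = (
    b"%PDF-1.5\n"
    + _flate_stream_obj(3, b"<< /S /JavaScript /JS (app.alert(1)) >>")
    + b"%%EOF\n"
)

# Assumed markers: the JavaScript action type and the key holding the script.
_JS_MARKERS = (rb"/JavaScript\b", rb"/JS\b")
_NAME_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
_STREAM = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)


def naive_contains_js(data: bytes) -> bool:
    """Plain substring search: what a first attempt usually looks like."""
    return b"/JavaScript" in data or b"/JS" in data


def normalize_pdf_names(data: bytes) -> bytes:
    """Resolve #xx escapes in PDF names so /Java#53cript compares as /JavaScript."""
    return _NAME_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def inflate_streams(data: bytes) -> list:
    """Return the decompressed bodies of every stream that inflates as zlib/Flate."""
    bodies = []
    for match in _STREAM.finditer(data):
        try:
            bodies.append(zlib.decompress(match.group(1)))
        except zlib.error:
            continue  # not Flate-compressed (or truncated); the raw bytes are scanned anyway
    return bodies


def pdf_contains_js(data: bytes) -> bool:
    """Flag a PDF if a JavaScript marker appears in the raw bytes or in any inflated stream."""
    for view in [data] + inflate_streams(data):
        text = normalize_pdf_names(view)
        if any(re.search(marker, text) for marker in _JS_MARKERS):
            return True
    return False


if __name__ == "__main__":
    for label, pdf in (
        ("clean", CLEAN_PDF),
        ("plain JS", JS_PDF),
        ("escaped names", ESCAPED_JS_PDF),
        ("compressed stream", COMPRESSED_JS_PDF),
    ):
        print(f"{label:18} naive={naive_contains_js(pdf)!s:5} scan={pdf_contains_js(pdf)}")
```

The escaped-name sample is the case that separates the two approaches: the substring search misses it while the normalizing scan catches it. Even the improved version is a byte-level heuristic rather than a PDF parser; encrypted documents, filters other than Flate, and JavaScript reached only through indirect references it does not resolve can all slip past it. That is why an upload scan is best paired with a serving-side control, such as delivering user-uploaded documents as attachments or from a separate origin, so that script inside a PDF has no access to the application's own origin even if a scanner misses it.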