The vulnerability documentation explicitly identifies the content parameter of the /post/save endpoint as the injection point. While exact implementation details aren't available, Java web applications typically use controller methods to handle endpoints. Three factors together strongly suggest that the save handler in PostController is responsible: 1) input is received via POST, 2) the advisories mention a lack of server-side sanitization, and 3) the impact follows a stored XSS pattern. Confidence is high because of the specific endpoint reference and because the XSS pattern matches common MVC implementations.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| com.ibeetl:beetl | maven | <= 2.0.0 | |