CVSS Score

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| concrete5/concrete5 | composer | >= 9.0.0RC1, < 9.2.8 | 9.2.8 |
| concrete5/concrete5 | composer | < 8.5.16 | 8.5.16 |
The vulnerability stems from missing output encoding and input validation in administrator-controlled fields. The fixing commits add HTML escaping (via h()) and input-validation regexes in:
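As an added illustration, not code from the concrete5 project, the snippet below puts the unescaped rendering pattern next to its h()-escaped form and adds an allowlist regex on the write path; h() here is a stand-in built on htmlspecialchars, and the handle pattern is an assumed example rather than the project's own regex.

```php
<?php
// Added example (not concrete5's own code): the unescaped rendering pattern the
// advisory describes, beside the escaped and validated form of the fix.

// Assumed stand-in for concrete5's h() helper: HTML-escape a value for output.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Vulnerable pattern: an administrator-controlled label is interpolated into
// markup verbatim, so any tags stored in the value are parsed by the browser.
function renderLabelUnsafe(string $label): string
{
    return "<span class=\"label\">{$label}</span>";
}

// Hardened pattern: the same value passes through h() before reaching the page,
// so the stored markup is rendered as literal text.
function renderLabelSafe(string $label): string
{
    return '<span class="label">' . h($label) . '</span>';
}

// Input validation on the write path: a handle-style admin field is restricted
// to an allowlist (assumed pattern; the project's actual regex may differ).
function isValidHandle(string $handle): bool
{
    return (bool) preg_match('/^[a-z0-9_]{1,64}$/', $handle);
}

// Constructed sample value carrying markup, as a tampered admin field might.
$sample = 'Sales <script>constructedSample()</script>';

echo renderLabelUnsafe($sample), PHP_EOL;
echo renderLabelSafe($sample), PHP_EOL;

var_dump(isValidHandle('page_title'));
var_dump(isValidHandle('title<script>'));
```

Output encoding at render time and validation at write time are complementary: the regex keeps malformed handles out of storage, while h() protects every free-text field that cannot be constrained to an allowlist.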