| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| redaxo/source | composer | <= 5.17.1 | |
The vulnerability description explicitly identifies the `/media/test.html` endpoint and the `password` parameter as the injection point. In PHP CMS architectures, form handlers such as `test.php` typically process request parameters. Rendering the `password` value without output sanitization (`htmlspecialchars()` or similar) would directly enable XSS. While the exact code isn't available, the component structure and vulnerability pattern strongly suggest that a controller method handling password input in the media module's test page is responsible.
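The pattern this analysis points to, as an added example in hypothetical PHP (not REDAXO source, since the exact code isn't available): a handler that echoes the `password` parameter into an input's `value` attribute, beside the `htmlspecialchars()` form. The function names and the sample input are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical rendering helpers, NOT taken from redaxo/source.

/** Vulnerable pattern: the request value is concatenated into markup as-is. */
function renderFieldUnsafe(string $password): string
{
    return '<input type="password" name="password" value="' . $password . '">';
}

/** Hardened pattern: encode for an HTML attribute context before output. */
function renderFieldSafe(string $password): string
{
    // ENT_QUOTES encodes both " and '; ENT_SUBSTITUTE replaces invalid UTF-8
    // sequences instead of making htmlspecialchars() return an empty string.
    $encoded = htmlspecialchars($password, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="password" name="password" value="' . $encoded . '">';
}

/** Parse the markup the way a browser would and list the input's attributes. */
function attributeNames(string $html): array
{
    libxml_use_internal_errors(true); // fragment has no doctype; silence warnings
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    $input = $doc->getElementsByTagName('input')->item(0);
    $names = [];
    foreach ($input->attributes as $attr) {
        $names[] = $attr->nodeName;
    }
    return $names;
}

// Constructed sample value: a quote that closes the attribute, then a harmless
// marker attribute, so the structural change in the markup is visible.
$sample = 'x" data-injected="1';

$rendered = [
    'unsafe' => renderFieldUnsafe($sample),
    'safe'   => renderFieldSafe($sample),
];

foreach ($rendered as $label => $html) {
    // An attribute list other than type,name,value means the input altered
    // the markup structure instead of staying inside the value attribute.
    printf("%-6s attrs=%s\n       %s\n", $label, implode(',', attributeNames($html)), $html);
}
```

Comparing the parsed attribute list against the expected `type,name,value` set also works as a regression check once the encoding is in place; for a password field, not echoing the submitted value back at all removes the sink entirely.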