Basic Information

CVSS Score: -
CVE ID: -
GHSA ID: -
EPSS Score: -
CWE: -
Published: -
Updated: -
KEV Status: -

Technology
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| baserproject/basercms | composer | <= 5.1.1 | 5.1.2 |
The vulnerability is a stored XSS in the Edit Email Form Settings feature. Stored XSS arises when user-supplied input is persisted and later rendered without being escaped on output. In MVC frameworks such as baserCMS (built on CakePHP), controllers handle input processing and views handle rendering. The edit action in EmailFormSettingsController likely fails to sanitize input before saving, while the associated view template (edit.ctp) may lack proper output escaping (for example, wrapping the value in `<?= h($field) ?>`). The high confidence in the view template stems from how commonly XSS in similar CMS systems is caused by unescaped output; the medium confidence in the controller reflects uncertainty about its input validation, since explicit patch details are not available.
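The following is an added example, not code from baserCMS or its patch, illustrating the output-escaping point above: a stored setting rendered verbatim in a template versus the same value passed through the escaper that CakePHP's `h()` helper provides. The field names, the sample stored value and the `renderUnescaped`/`renderEscaped`/`containsRawTag` functions are constructed for the demonstration; `h()` itself is a thin wrapper over PHP's `htmlspecialchars()`, which is called directly here so the script runs without the framework.

```php
<?php
// Added example (not baserCMS code): contrast an unescaped view output with
// the escaped form that CakePHP's h() helper produces in a .ctp template.

// Constructed sample of a form setting as it might be stored after an edit
// action saved attacker-controlled input without sanitizing it.
$storedSetting = [
    'name'    => 'Contact form',
    'subject' => '<script>alert(1)</script>',
];

// Equivalent of CakePHP's h(): escape a value for an HTML text or attribute
// context. ENT_QUOTES also escapes single and double quotes so a value cannot
// break out of a quoted attribute.
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Vulnerable rendering: the stored value is interpolated verbatim, so any
// markup it contains becomes live HTML for whoever opens the settings page.
function renderUnescaped(array $setting): string
{
    return '<input name="subject" value="' . $setting['subject'] . '">'
         . '<p>' . $setting['subject'] . '</p>';
}

// Hardened rendering: every dynamic value passes through the escaper, which is
// what <?= h($setting['subject']) ?> does inside the template.
function renderEscaped(array $setting): string
{
    return '<input name="subject" value="' . escapeHtml($setting['subject']) . '">'
         . '<p>' . escapeHtml($setting['subject']) . '</p>';
}

// Lightweight regression check: a stored value must never reappear in the
// rendered output as a raw tag.
function containsRawTag(string $html, string $value): bool
{
    return str_contains($html, $value);
}

$unescaped = renderUnescaped($storedSetting);
$escaped   = renderEscaped($storedSetting);

echo "Unescaped output:\n" . $unescaped . "\n\n";
echo "Escaped output:\n" . $escaped . "\n\n";

echo 'Raw tag survives unescaped render: '
    . (containsRawTag($unescaped, $storedSetting['subject']) ? 'yes' : 'no') . "\n";
echo 'Raw tag survives escaped render:   '
    . (containsRawTag($escaped, $storedSetting['subject']) ? 'yes' : 'no') . "\n";
```

Run it with `php example.php`; the escaped output shows `&lt;script&gt;...` in both the attribute and the text node, and the regression check reports that the raw tag survives only in the unescaped render. Escaping at output time is the durable fix because it protects every value regardless of how it was saved; input validation in the controller is a useful additional layer but cannot substitute for it.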