CVSS Score

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| dolibarr/dolibarr | composer | = 21.0.0-beta | |
The vulnerability stems from improper neutralization of user input placed in HTML attributes. The commit diff shows a widespread replacement of dol_escape_htmltag() with dolPrintHtmlForAttribute() in title/alt attributes across multiple files. The dol_escape_htmltag() function in functions.lib.php was found insufficient for attribute-context encoding, so a crafted value could break out of the attribute it was written into. This matches the CWE-79 (cross-site scripting) pattern, and the patch's substitution of a security-focused escaping function is consistent with that reading.
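To make the attribute-context point concrete, the following is an added illustration in PHP; it is not Dolibarr's code, and the function names escape_for_element_text(), escape_for_attribute() and attribute_value_is_neutralized() are hypothetical stand-ins, not the project's dol_escape_htmltag() or dolPrintHtmlForAttribute(). It contrasts an escaper that only neutralizes tag delimiters (adequate for element text) with one that also encodes quotes, which is what a value inside a quoted attribute needs, and adds a check a test suite can run over rendered attribute values.

```php
<?php
// Added example, not Dolibarr code: why an escaper that is good enough for
// element text can be insufficient inside a quoted HTML attribute.

// Hypothetical "text-context" escaper: neutralizes < > & but leaves quotes raw.
function escape_for_element_text(string $s): string
{
    return htmlspecialchars($s, ENT_NOQUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical attribute-context escaper: quotes are encoded as well, so a value
// containing `"` or `'` can no longer terminate the attribute it sits in.
function escape_for_attribute(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Defensive check for tests or code review: once escaped for a double-quoted
// attribute, a value must contain no raw `"`, `<` or `>` characters.
function attribute_value_is_neutralized(string $escaped): bool
{
    return strpbrk($escaped, "\"<>") === false;
}

// Constructed untrusted input: a title string carrying quote characters.
$untrusted = 'Report "Q1" <draft>';

$weak   = escape_for_element_text($untrusted);
$strong = escape_for_attribute($untrusted);

// The text-context escaper leaves the double quotes intact, so the check fails;
// the attribute-context escaper encodes them as &quot; and the check passes.
var_dump(attribute_value_is_neutralized($weak));
var_dump(attribute_value_is_neutralized($strong));

// Safe rendering: the attribute-escaped value is placed in a quoted attribute.
echo '<img src="report.png" alt="' . $strong . '" title="' . $strong . '">', PHP_EOL;
```

The design point is that the escaping function must be chosen for the output context, not for the input: the same string is harmless as element text and hazardous inside a quoted attribute, and the check above is a cheap way to catch the wrong choice in a test rather than in production.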