3.5

CVSS Score

3.1

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2024-8572

CVE-2024-8572: Gouniverse GoLang CMS vulnerable to Cross-site Scripting

A vulnerability was found in Gouniverse GoLang CMS 1.4.0. It has been declared as problematic. This vulnerability affects the function PageRenderHtmlByAlias of the file FrontendHandler.go. The manipulation of the argument alias leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.4.1 is able to address this issue. The patch is identified as 3e661cdfb4beeb9fe2ad507cdb8104c0b17d072c. It is recommended to upgrade the affected component.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2024-8572

CVE-2024-8572:

3.5

CVSS Score

3.1

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
github.com/gouniverse/cms	go	< 1.4.1	1.4.1

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The core vulnerability exists in PageRenderHtmlByAlias where alias parameter concatenation into HTML responses was observed in pre-patch code (e.g., 'return "Page with alias '" + alias + "' not found"'). The commit 3e661cd fixed this by introducing HTML escaping via hb.NewDiv().Text(alias). FrontendHandlerRenderAsString is included as it directly passes r.URL.Path (user-controlled input) to the vulnerable function. Confidence is high for PageRenderHtmlByAlias due to direct evidence in patch diffs, and medium for FrontendHandlerRenderAsString as it's part of the attack vector but not the primary vulnerable implementation.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

3.5

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2024-8572: Gouniverse GoLang CMS vulnerable to Cross-site Scripting

CVE-2024-8572:

3.5

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Technical Details

Basic Information

Basic Information

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2024-8572: Gouniverse GoLang CMS vulnerable to Cross-site Scripting

3.5

3.5

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI