| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| modx/revolution | composer | <= 3.1.0 | |

The vulnerability stems from two key points: (1) insecure file upload handling that permits SVG files with embedded scripts, and (2) improper rendering of SVG files that allows script execution. The Profile Update controller's upload handler is implicated based on the attack vector described, while MODX's file serving mechanism would need to lack proper security headers or sanitization to enable client-side execution. Confidence is medium: these are common patterns in MODX architecture, but the exact implementation details are not confirmed without code access.