| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| drupal/obfuscate | composer | < 2.0.1 | 2.0.1 |

The vulnerability stems from improper sanitization of the output produced during ROT13 encoding. In Drupal's text format system, filter plugins are the primary extension point for text transformation, and they process text in their `process()` method. The advisory specifically names ROT13 encoding as the vulnerable path. The `ObfuscateFilter::process` method would be responsible for both encoding and output generation, which makes it the logical location for the missing sanitization that would enable stored XSS.
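
The sketch below is an added illustration of this class of defect, not code from drupal/obfuscate or from the advisory. The function names, the `data-rot13` attribute and the sample strings are hypothetical. It shows that ROT13 rotates only letters, so markup-significant characters pass through the encoder unchanged and still have to be escaped for the HTML context they are written into.

```php
<?php
// Added illustration only; NOT the drupal/obfuscate source.
// obfuscate_unescaped(), obfuscate_escaped(), attribute_value_is_contained()
// and the data-rot13 attribute are hypothetical names chosen for this sketch.

/** "Before" shape: the ROT13 result is concatenated into markup as-is. */
function obfuscate_unescaped(string $text): string {
  return '<span class="obfuscated" data-rot13="' . str_rot13($text) . '"></span>';
}

/** "After" shape: the ROT13 result is escaped for the attribute context. */
function obfuscate_escaped(string $text): string {
  // Drupal code would normally call \Drupal\Component\Utility\Html::escape();
  // htmlspecialchars() is used here so the sketch runs without Drupal.
  $encoded = htmlspecialchars(str_rot13($text), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
  return '<span class="obfuscated" data-rot13="' . $encoded . '"></span>';
}

/** Regression-style check: the attribute value holds no raw quote or angle bracket. */
function attribute_value_is_contained(string $html): bool {
  $prefix = '<span class="obfuscated" data-rot13="';
  $suffix = '"></span>';
  $value = substr($html, strlen($prefix), -strlen($suffix));
  return strpbrk($value, '"<>') === false;
}

// Constructed sample inputs: a plain address, and one containing characters
// that are significant in HTML but untouched by ROT13.
$samples = ['editor@example.com', 'a"b<c>d@example.com'];

foreach ($samples as $input) {
  foreach (['obfuscate_unescaped', 'obfuscate_escaped'] as $fn) {
    $html = $fn($input);
    printf(
      "%-20s %-22s contained=%s\n  %s\n",
      $fn,
      $input,
      attribute_value_is_contained($html) ? 'yes' : 'no',
      $html
    );
  }
}
```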