CVE-2025-61417: TastyIgniter vulnerable to Cross-Site Scripting

CVSS Score: N/A

Basic Information

EPSS Score: -
Published: 10/20/2025
Updated: 10/20/2025
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: -

Package Name: tastyigniter/tastyigniter
Ecosystem: composer
Vulnerable Versions: <= 3.7.7
First Patched Version: -

Vulnerability Intelligence
Miggo AI Root Cause Analysis

I was unable to find the vulnerable functions for this vulnerability. The provided information indicates that the vulnerability exists in the /admin/media_manager component of TastyIgniter version 3.7.7. However, I was unable to locate the source code for this component in the tastyigniter/TastyIgniter repository. I tried to find the MediaManager.php controller in several likely locations, but all attempts failed. Without access to the source code, I cannot identify the specific functions that are vulnerable to the Cross-Site Scripting attack. The advisory also states that there is no patched version available, which means I cannot analyze a patch to identify the vulnerable code. Therefore, I am unable to provide the requested information.

WAF Protection Rules

WAF Rule

Cross-Site Scripting (XSS) vulnerability exists in TastyIgniter 3.7.7, affecting the /admin/media_manager component. Attackers can upload a malicious SVG file containing JavaScript code. When an administrator previews the file, the code executes in t