-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability stems from improper handling of the 'redirect' parameter in URL construction. The commit 4a00966 shows the fix involved changing from direct string concatenation ($redirectArg = $redirect ? '?redirect='.$redirect : '') to using Zend's url view helper with proper query parameter handling. The original vulnerable implementation in SocialSignInButton's __invoke method failed to escape user-controlled input when building authentication URLs, enabling XSS payload injection through the redirect parameter.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| socalnick/scn-social-auth | composer | < 1.15.2 | 1.15.2 |