N/A

CVSS Score

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

GHSA-jfxf-4frr-9j3q

GHSA-jfxf-4frr-9j3q: XSS in various backend modules due to (un)escaping in JS notification module

The notification module displaying flash messages unscapes HTML coming from the server, resulting in XSS vulnerabilities with various names and labels of entities (eg. workspace title or media title). This however means you must be a logged in user with respective rights in the first place to leverage the attack vector.

(GitHub Advisory)

Miggo Vulnerability Database

→

GHSA-jfxf-4frr-9j3q

GHSA-jfxf-4frr-9j3q:

N/A

CVSS Score

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
neos/neos	composer	>= 3.3, < 5.3.10	5.3.10
neos/neos	composer	>= 7.0.0, < 7.0.9	7.0.9
neos/neos	composer	>= 7.1.0, < 7.1.7	7.1.7
neos/neos	composer	>= 7.2.0, < 7.2.6	7.2.6
neos/neos	composer	>= 7.3.0, < 7.3.4	7.3.4
neos/neos	composer	>= 8.0.0, < 8.0.2	8.0.2

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from client-side notification handling improperly handling HTML escaping. The advisory specifically mentions the JS notification module unescapes server-provided content. The '_addNotification' function would be responsible for DOM insertion of notifications, and the XSS occurs when user-controlled input (like workspace/media titles) is passed through this path without proper escaping. While exact code isn't available, the pattern matches common XSS vectors in notification systems where server-provided content is rendered as HTML without sanitization.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

N/A

-

Basic Information

Basic Information

Concerned about an active attack path?

GHSA-jfxf-4frr-9j3q: XSS in various backend modules due to (un)escaping in JS notification module

GHSA-jfxf-4frr-9j3q:

N/A

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Technical Details

N/A

N/A

GHSA-jfxf-4frr-9j3q: XSS in various backend modules due to (un)escaping in JS notification module

Basic Information

Basic Information

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI