GHSA-qvwg-c35p-rqhj: Duplicate Advisory: AVideo cross-site scripting vulnerability in the view/about.php page

CVSS Score
N/A

Basic Information

CVE ID
-
EPSS Score
-
CWE
-
Published
5/14/2024
Updated
5/20/2024
KEV Status
No
Technology
PHP

Technical Details

CVSS Vector
-
Package Name
wwbn/avideo
Ecosystem
composer
Vulnerable Versions
< 14.3
First Patched Version
14.3

Vulnerability Intelligence

Miggo AI

Root Cause Analysis

The provided information indicates the XSS vulnerability occurs in view/about.php line 53 where the User-Agent header is echoed without sanitization. However, PHP's echo statement in the global scope does not correspond to a named function in runtime profiling. The vulnerability stems from direct output in the script rather than within a specific function. Without access to the actual code structure or patch details showing function-level changes, we cannot definitively identify a named function that would appear in a profiler. The main script execution context ('{main}') isn't a valid function name, and no class/method information is provided in the advisory.
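The pattern the analysis describes, a request header written into HTML with a bare echo, next to the encoded form that closes the hole. This is an added illustration, not AVideo's own code; the function names and the sample header value are constructed for the example.

```php
<?php
// Added example, not AVideo's code. Models the pattern the analysis
// describes: the User-Agent request header reflected into HTML by echo.

// Vulnerable pattern: the header value is written into the page unencoded,
// so any markup the client sends in User-Agent is parsed by the browser.
function render_user_agent_unsafe(string $userAgent): string
{
    return "<p>Your browser: " . $userAgent . "</p>";
}

// Hardened form: HTML-encode the value before output. htmlspecialchars turns
// '<' into '&lt;' and, with ENT_QUOTES, also encodes both quote characters so
// the value is safe inside attributes too; the explicit charset avoids
// encoding-dependent bypasses and ENT_SUBSTITUTE keeps invalid UTF-8 from
// silently producing an empty string.
function render_user_agent_safe(string $userAgent): string
{
    $encoded = htmlspecialchars($userAgent, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<p>Your browser: " . $encoded . "</p>";
}

// Constructed sample: when run from the CLI there is no real request header,
// so a header carrying markup stands in for what a browser could send.
$ua = $_SERVER['HTTP_USER_AGENT'] ?? 'Mozilla/5.0 <script>alert(1)</script>';

echo "Unsafe: " . render_user_agent_unsafe($ua) . PHP_EOL;
echo "Safe:   " . render_user_agent_safe($ua) . PHP_EOL;
```

The same rule applies to any other request header or parameter the page reflects; encoding at the point of output is what the 14.3 fix boundary in the table above corresponds to.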

WAF Protection Rules

WAF Rule

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-***p-****-*m*v. This link is maintained to preserve external references.

Original Description

WWBN AVideo **.* is vulnerable to Cross Site Scripting (XSS).
