| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| getkirby/cms | composer | <= 4.1.0 | 4.1.1 |

The vulnerability stems from unvalidated URL values being used directly in link `href` attributes. The advisory explicitly names the URL field's link button as the injection vector and describes the patch as adding validation checks. The `UrlField` class would contain the rendering logic for this UI element. Although the exact code isn't shown, the pattern matches common XSS vulnerabilities in form field components where output encoding is missing for `href` attributes.
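
The kind of validation check described above, as an added example; it is not Kirby's code or its actual patch. The names `safeHref` and `renderLinkButton`, the `http:`/`https:` allowlist and the sample inputs are assumptions made for illustration.

```javascript
// Hypothetical helper (not Kirby's implementation): decide whether a
// user-supplied URL value may be used as the href of a link button.
// Assumption: only absolute http(s) URLs are acceptable for this field.
const ALLOWED_PROTOCOLS = new Set(["http:", "https:"]);

function safeHref(value) {
  if (typeof value !== "string" || value.trim() === "") return null;
  let url;
  try {
    // The WHATWG parser normalises the input the way a browser does:
    // it lowercases the scheme, strips leading/trailing whitespace and
    // removes embedded tabs and newlines, so obfuscated schemes are
    // compared in their effective form instead of by string prefix.
    url = new URL(value);
  } catch {
    return null; // not an absolute URL, e.g. "example.com"
  }
  return ALLOWED_PROTOCOLS.has(url.protocol) ? url.href : null;
}

// Escape a value for use inside a double-quoted HTML attribute.
function escapeAttr(text) {
  return text
    .replace(/&/g, "&amp;")
    .replace(/"/g, "&quot;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// Render the link button: a real link only for validated values,
// otherwise a disabled control with no href at all.
function renderLinkButton(value) {
  const href = safeHref(value);
  if (href === null) {
    return '<button type="button" disabled>Open link</button>';
  }
  return `<a href="${escapeAttr(href)}" target="_blank" rel="noopener noreferrer">Open link</a>`;
}

// Constructed sample inputs.
for (const sample of ["https://example.com/?a=1&b=2", "javascript:alert(1)", "example.com"]) {
  console.log(JSON.stringify(sample), "->", renderLinkButton(sample));
}
```

Validation and output encoding are both applied here: the scheme check rejects values that would execute script when clicked, and the attribute escaping keeps an accepted value from breaking out of the `href`.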