CVSS Score

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| moin | pip | <= 1.7.3 | |
| moin | pip | >= 1.9.0, < 1.9.3 | 1.9.3 |
The vulnerability description explicitly lists action/LikePages.py, action/chart.py, and action/userprofile.py as sources of XSS via unescaped input. The Debian bug report and MoinMoin's SecurityFixes page show that the root cause was improper escaping of parameters passed to theme.add_msg(). Patches for similar components (e.g., PageEditor.py) demonstrate that the fix was to escape user input before passing it to theme.add_msg(). This pattern matches the three listed files, which build messages from user input without sanitizing it first.
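To make the root cause concrete, here is an added Python 3 illustration of the pattern (not MoinMoin's own code; the `Theme` class, `like_pages_msg_*` functions and the page name `Front<b>Page</b>` are all constructed for this example). A request-controlled page name is interpolated into a message that the theme emits as raw HTML; the vulnerable variant passes it through unchanged, the hardened variant escapes it first. MoinMoin has its own escaping helper in `wikiutil`; the standard library's `html.escape` is used here so the block runs stand-alone.

```python
import html


class Theme:
    """Constructed stand-in for a theme message sink.

    It mimics the hazard the advisory describes: whatever string is handed
    to add_msg() is emitted into the page as HTML, verbatim.
    """

    def __init__(self):
        self.msgs = []

    def add_msg(self, msg_html, msg_class="info"):
        # The message is treated as trusted markup, so any markup inside
        # the interpolated value ends up in the rendered page.
        self.msgs.append('<div class="%s">%s</div>' % (msg_class, msg_html))

    def render(self):
        return "".join(self.msgs)


def like_pages_msg_vulnerable(theme, pagename):
    """Vulnerable pattern: untrusted page name interpolated unescaped."""
    theme.add_msg('No pages like "%s"!' % pagename, "error")
    return theme.render()


def like_pages_msg_fixed(theme, pagename):
    """Hardened pattern: escape the untrusted value before it reaches the sink."""
    safe_name = html.escape(pagename, quote=True)
    theme.add_msg('No pages like "%s"!' % safe_name, "error")
    return theme.render()


def contains_raw_markup(rendered, untrusted):
    """Check helper: True if a value that needs escaping appears verbatim."""
    needs_escaping = untrusted != html.escape(untrusted, quote=True)
    return needs_escaping and untrusted in rendered


if __name__ == "__main__":
    # Constructed page name carrying HTML markup (benign tags, for illustration).
    name = "Front<b>Page</b>"
    print(like_pages_msg_vulnerable(Theme(), name))
    print(like_pages_msg_fixed(Theme(), name))
```

The check helper gives a simple regression test for this class of bug: render the message with a value containing markup characters and fail if the value comes back unescaped.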