CVSS Score

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| loggerhead | pip | < 1.18.1 | 1.18.1 |
The vulnerability is a cross-site scripting (XSS) flaw: loggerhead wrote filenames into its HTML output without escaping them. The fix in 1.18.1 changes templatefunctions.py, adding escaping of the filename where revision_link() builds URLs and where file_link() handles the URL fragment. In vulnerable versions these two functions take filenames that an attacker can control (anyone who can commit to a branch chooses the names of the files in it) and emit them unescaped into HTML contexts, so they are the injection points a runtime trace will show when a page that lists a malicious filename is rendered. Note that a filename reaches two different output contexts here, the URL inside the href and the visible link text, and each needs its own encoding; escaping for one does not cover the other.
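The following added example illustrates the bug class described above and the kind of fix the patch applies. It is not loggerhead's own code: the function names, the BASE URL prefix, and the probe filenames are all constructed for the example. It builds the same file link twice, once interpolating the filename unescaped into the fragment and link text, once with percent-encoding for the URL part and HTML escaping for the markup part, and includes a small regression check that reports which probe filenames still leak markup through a given link helper.

```python
import html
from urllib.parse import quote, unquote

# Assumed URL prefix for the example; loggerhead's real routes are not reproduced here.
BASE = "/view/head:"


def file_link_vulnerable(filename: str, revno: str) -> str:
    """Build a file link with no escaping (illustrative, not loggerhead's code).
    The filename is interpolated straight into the URL fragment and the link
    text.  Whoever can commit to the branch chooses filenames, so this is
    untrusted input reaching two different output contexts."""
    return '<a href="%s/%s#%s">%s</a>' % (BASE, revno, filename, filename)


def fragment_for(filename: str) -> str:
    """Percent-encode a filename for use as a URL fragment.  safe="" encodes
    every reserved character, including '/' and '"', so the fragment cannot
    terminate the attribute it is placed in."""
    return quote(filename, safe="")


def file_link_hardened(filename: str, revno: str) -> str:
    """Same link with one encoding per context: URL-encode the pieces that land
    in the href, then HTML-escape both the href and the visible text."""
    href = "%s/%s#%s" % (BASE, quote(revno, safe=""), fragment_for(filename))
    return '<a href="%s">%s</a>' % (
        html.escape(href, quote=True),
        html.escape(filename, quote=True),
    )


def fragment_roundtrips(filename: str) -> bool:
    """Encoding must not lose information: decoding the fragment gives the name back."""
    return unquote(fragment_for(filename)) == filename


# Constructed probe filenames: one benign, three that try to inject markup or
# break out of the surrounding attribute.
PROBES = [
    "src/main.py",
    "<img src=x onerror=alert(1)>",
    '"><script>alert(1)</script>',
    'x" onmouseover="alert(1)',
]


def leaks_markup(rendered: str) -> bool:
    """A single well-formed anchor contains exactly two '<', two '>' and the
    two quotes around href.  Any extra one means part of the filename reached
    the markup unescaped."""
    return not (
        rendered.count("<") == 2
        and rendered.count(">") == 2
        and rendered.count('"') == 2
    )


def probes_that_leak(render) -> list:
    """Regression check: run every probe through a link helper and return the
    filenames whose markup survives."""
    return [name for name in PROBES if leaks_markup(render(name, "5"))]


if __name__ == "__main__":
    for fn in (file_link_vulnerable, file_link_hardened):
        print(fn.__name__, "leaks:", probes_that_leak(fn))
```

Run against the unescaped helper, probes_that_leak returns the three hostile filenames; against the hardened helper it returns none, and every fragment still decodes back to the original filename. The count-based check in leaks_markup is deliberately crude and only valid for a single anchor element, but it is enough to catch a helper that escapes the link text and forgets the fragment, or vice versa, which is exactly the split the patch description above points at.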