CVSS Score: -

Basic Information

CVE ID: -
GHSA ID: -
EPSS Score: -
CWE: -
Published: -
Updated: -
KEV Status: -
Technology: -
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| roundup | pip | < 1.4.20 | 1.4.20 |
The advisory explicitly names the 'otk' parameter as the injection vector. The exact vulnerable code is not available, but cross-site scripting (XSS) flaws of this kind typically arise when the value of a request parameter is reflected into the HTTP response without proper output encoding. The advisory confirms the flaw was fixed in 1.4.20, which indicates that the vulnerable code path handled the otk parameter while generating the web response. Confidence in this assessment is high because:

1. The parameter name (otk) is explicitly called out.
2. The described behaviour matches the classic reflected-XSS pattern.
3. Multiple independent sources confirm this parameter as the attack vector.
4. The CWE-79 classification maps directly to unsanitised output in web pages.