The vulnerability stems from unescaped output of the X-Forwarded-For header in the session monitoring pages. Commit aacbc46 shows the fix: HTML encoding was added to the remoteAddr value in the writeSession method of HtmlSessionInformationsReport.java. Before 1.47, that method wrote the user-controlled header value straight into the HTML response without sanitization, matching the CWE-79 (cross-site scripting) pattern. The vulnerable code path is clearly identified by the patched file and method.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| net.bull.javamelody:javamelody-core | maven | < 1.47.0 | 1.47.0 |
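To illustrate the pattern the advisory describes (a proxy-supplied remoteAddr written into the session table unescaped, next to the same value HTML-encoded first), here is an added stand-alone Java example. It is not JavaMelody's own code: the class, method and helper names and the header value are assumptions constructed for illustration.

```java
import java.util.Map;

public class SessionReportExample {

    // Minimal HTML encoder (illustrative, not the project's helper):
    // neutralises the characters that would let header text become markup.
    static String htmlEncode(String s) {
        StringBuilder sb = new StringBuilder(s.length());
        for (char c : s.toCharArray()) {
            switch (c) {
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '&':  sb.append("&amp;");  break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Pre-fix shape: the header value goes straight into the table cell.
    static String writeSessionVulnerable(String remoteAddr) {
        return "<td>" + remoteAddr + "</td>";
    }

    // Post-fix shape: the value is encoded before it reaches the response body.
    static String writeSessionFixed(String remoteAddr) {
        return "<td>" + htmlEncode(remoteAddr) + "</td>";
    }

    // Where remoteAddr comes from: X-Forwarded-For is set by whoever sends the
    // request, so it is attacker-controlled text, not a trusted peer address.
    static String remoteAddrFrom(Map<String, String> headers, String peerIp) {
        String xff = headers.get("X-Forwarded-For");
        return xff != null ? xff : peerIp;
    }

    public static void main(String[] args) {
        // Constructed request: the header carries markup instead of an IP address.
        Map<String, String> headers = Map.of("X-Forwarded-For", "<b>not-an-ip</b>");
        String remoteAddr = remoteAddrFrom(headers, "198.51.100.7");

        System.out.println("vulnerable: " + writeSessionVulnerable(remoteAddr));
        System.out.println("fixed:      " + writeSessionFixed(remoteAddr));

        // Check a reviewer of the fix would want: the cell content has no raw tag characters.
        String fixed = writeSessionFixed(remoteAddr);
        String inner = fixed.substring("<td>".length(), fixed.length() - "</td>".length());
        if (inner.indexOf('<') >= 0 || inner.indexOf('>') >= 0) {
            throw new AssertionError("raw markup leaked into the remoteAddr cell");
        }
    }
}
```

The first line of output renders the injected tag in a browser; the second shows it as literal text, which is the behaviour the 1.47.0 fix restores for the session page.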