| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| centreon/centreon | composer | < 2.8.27 | 2.8.27 |
The key evidence comes from three sources:

1. PR #6637/6953 explicitly modifies comment handling and `escapeSecure` to add HTML tag allowlisting.
2. The release notes mention XSS fixes in comment fields.
3. The CWE-79 classification points to an output encoding failure.

While the exact pre-patch function names are not shown, the central role of `escapeSecure` in output sanitization, and its modification in the fixes, strongly indicates that it was the vulnerable component when called without proper parameters.