-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| dweeves/magmi | composer | <= 0.7.22 | 0.7.24 |
Miggo AIRoot Cause AnalysisThe vulnerability stems from unescaped output of the 'prefix' parameter in ajax_gettime.php. The GitHub commit a9566b1 shows the fix adds htmlspecialchars() around $_REQUEST['prefix'], confirming the vulnerable code was raw output of user input. The affected line directly echoes the parameter value into the response without sanitization, making it susceptible to XSS when malicious scripts are passed in the prefix parameter.