| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| grumpydictator/firefly-iii | composer | < 4.7.17.3 | 4.7.17.3 |
The vulnerability stems from unescaped output of the user-controlled `query` parameter in the search template. The patch adds the `|escape` filter to the `query` variable in the Twig template, indicating that the original implementation lacked proper output encoding at that point. The `|raw` filter was applied to the entire translation output, which disabled Twig's autoescaping for the whole string, while the `query` value interpolated into that string was never escaped, creating a reflected XSS vector.
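The following is an added example, not code from the Firefly III project or its patch. It renders a simplified version of the vulnerable pattern beside the corrected one with the Twig library; the `trans` filter here is a stand-in that only substitutes placeholders, the template strings and the `:query` placeholder are assumptions, and the injected string is a constructed sample. Rendering shows that `|raw` on the composed string passes the sample through unencoded, whereas escaping `query` before it is interpolated yields an entity-encoded value.

```php
<?php
// Added example: vulnerable vs. fixed Twig pattern (assumes composer-installed twig/twig).
require __DIR__ . '/vendor/autoload.php';

use Twig\Environment;
use Twig\Loader\ArrayLoader;
use Twig\TwigFilter;

$templates = [
    // Vulnerable pattern: |raw disables autoescaping for the whole translated
    // string, so the user-controlled query lands in the page unencoded.
    'vulnerable.twig' => "<p>{{ 'Search results for :query'|trans({':query': query})|raw }}</p>",
    // Fixed pattern: the query variable is escaped before interpolation,
    // so |raw on the outer string no longer exposes user input.
    'fixed.twig'      => "<p>{{ 'Search results for :query'|trans({':query': query|escape})|raw }}</p>",
];

$twig = new Environment(new ArrayLoader($templates), ['autoescape' => 'html']);

// Stand-in for the application's translation filter (assumption): substitute
// placeholders with the supplied parameters, as a real translator would.
$twig->addFilter(new TwigFilter('trans', fn (string $message, array $params = []) => strtr($message, $params)));

// Constructed sample input standing in for a crafted search string.
$query = '<script>alert(document.domain)</script>';

echo "vulnerable: ", $twig->render('vulnerable.twig', ['query' => $query]), PHP_EOL;
echo "fixed:      ", $twig->render('fixed.twig', ['query' => $query]), PHP_EOL;
```

The first line contains a live `<script>` element; the second contains `&lt;script&gt;...`, which a browser renders as text.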