CVSS Score

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| antsword | npm | < 2.1.0 | 2.1.0 |
The vulnerability stems from unsanitized user-supplied input being rendered directly into the UI across several database modules. The GitHub patch adds antSword.noxss() sanitization at exactly the locations where database configuration data (the type, user and host fields) was previously rendered raw. This matches the CWE-79 (cross-site scripting) pattern and the attacker's proof-of-concept, which demonstrates HTML/JS injection through these fields. Each affected function handles display logic for database configurations and, before the patch, applied no output encoding to those values.
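The following is an added illustration of the pattern described above, not AntSword's own code: a database-config card built by raw string interpolation of the type/user/host fields, beside a hardened version that HTML-escapes each field first. The escapeHtml() helper stands in for antSword.noxss(), whose actual implementation is not reproduced here, and the malicious configuration is constructed for the demonstration.

```javascript
// Added example (not AntSword's own code). escapeHtml() is a stand-in for
// antSword.noxss(); the project's real implementation is not reproduced here.
// Single-pass replace via a lookup table, so '&' is never double-encoded.
function escapeHtml(value) {
  return String(value).replace(/[&<>"'`=\/]/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;',
    "'": '&#39;', '`': '&#96;', '=': '&#61;', '/': '&#47;',
  })[c]);
}

// Vulnerable pattern: config fields copied straight into an HTML string that
// later lands in innerHTML. Both the text node and the attribute are injectable.
function renderConfigUnsafe(conf) {
  return `<div class="db-conf" data-type="${conf.type}">` +
    `<b>${conf.type}</b> ${conf.user}@${conf.host}</div>`;
}

// Hardened pattern: identical markup, every field escaped before interpolation.
function renderConfigSafe(conf) {
  const type = escapeHtml(conf.type);
  const user = escapeHtml(conf.user);
  const host = escapeHtml(conf.host);
  return `<div class="db-conf" data-type="${type}">` +
    `<b>${type}</b> ${user}@${host}</div>`;
}

// Constructed malicious config (not from the advisory's PoC): an attribute
// breakout in `type` and a script-bearing tag in `host`.
const maliciousConf = {
  type: 'mysql" onmouseover="alert(1)',
  user: 'root',
  host: '127.0.0.1<img src=x onerror=alert(document.domain)>',
};

// Crude regression check: does any markup-bearing field survive into the
// rendered HTML verbatim? The escaping is the defence; this only verifies it.
function containsRawMarkup(html, conf) {
  return [conf.type, conf.user, conf.host]
    .filter((f) => /[<>"]/.test(f))
    .some((f) => html.includes(f));
}

function demo() {
  const unsafe = renderConfigUnsafe(maliciousConf);
  const safe = renderConfigSafe(maliciousConf);
  return {
    unsafeLeaks: containsRawMarkup(unsafe, maliciousConf), // true
    safeLeaks: containsRawMarkup(safe, maliciousConf),     // false
    safe,
  };
}

console.log(demo());
```

Escaping at the point of output (rather than rejecting input) is what the patch does as well: the configuration values remain usable as connection parameters, but nothing in them can be interpreted as markup by the renderer.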