-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.igniterealtime.openfire:parent | maven | < 4.4.2 | 4.4.2 |
JavaJavaMiggo AIRoot Cause AnalysisThe vulnerability stems from unescaped output of the serverURL parameter in setup-datasource-standard.jsp. The patch adds JSTL escaping (fn:escapeXml) to user-controlled values. The _jspService method (auto-generated JSP servlet entry point) would show in profilers when processing requests to this page. The specific code location handles direct output of the vulnerable parameter into HTML attributes without sanitization in the vulnerable version.
Ongoing coverage of React2Shell