-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI
JavaScriptJavaScript| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| editor.md | npm | <= 1.5.0 |
Miggo AIRoot Cause AnalysisThe vulnerability stems from improper input sanitization in HTML processing. The pull request #860 specifically modifies the filterHTML function's regex patterns to address self-closing tags and event handler attributes. Multiple GitHub issues (#700, #715, etc.) demonstrate that malicious scripts/attributes persisted through the original filtering logic. The function's responsibility for HTML sanitization and the direct correlation between its regex shortcomings and the XSS payloads described in PoCs confirm its vulnerability.
KEV Misses 88% of Exploited CVEs- Get the report