| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| froxlor/froxlor | composer | = 0.10.16 | |

The vulnerability manifests in two phases: 1) Unsanitized input handling during customer creation (via POST to admin_customers.php?action=add), and 2) Unsafe output rendering in admin_traffic.php. While exact function names aren't disclosed in public reports, the file paths and module behaviors are explicitly referenced in PoC details and vulnerability descriptions. The combination of missing input sanitization in the customer-add handler and missing output encoding in traffic statistics display meets the XSS vulnerability pattern with high confidence.
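
The two phases described above, sketched as an added example. This is not froxlor's code: the function names and the `name` and `traffic_mb` fields are hypothetical, since the public reports do not name the real handlers. It shows the unencoded render next to an output-encoded one, plus validation at creation time, using a constructed sample record.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-ins, not froxlor functions: the real handler and
// template code are not named in the public reports.

/** Phase 1 hardening: validate the name when the customer is created. */
function validateCustomerName(string $name): string
{
    $name = trim($name);
    // Allow letters, digits, spaces and a few punctuation marks; reject markup.
    if ($name === '' || !preg_match('/^[\p{L}\p{N} .,\'-]{1,100}$/u', $name)) {
        throw new InvalidArgumentException('invalid customer name');
    }
    return $name;
}

/** Phase 2 as described: stored value concatenated into HTML unencoded. */
function renderTrafficRowUnsafe(array $customer): string
{
    return '<tr><td>' . $customer['name'] . '</td><td>'
        . $customer['traffic_mb'] . ' MB</td></tr>';
}

/** Phase 2 hardening: encode for the HTML context at output time. */
function renderTrafficRowSafe(array $customer): string
{
    $e = static fn ($v): string =>
        htmlspecialchars((string) $v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<tr><td>' . $e($customer['name']) . '</td><td>'
        . $e($customer['traffic_mb']) . ' MB</td></tr>';
}

// Constructed sample record, as if stored before input validation existed.
$stored = ['name' => 'Acme <script>alert(1)</script>', 'traffic_mb' => 512];

echo renderTrafficRowUnsafe($stored), PHP_EOL; // markup reaches the browser as HTML
echo renderTrafficRowSafe($stored), PHP_EOL;   // markup is shown as inert text

try {
    validateCustomerName($stored['name']);
} catch (InvalidArgumentException $ex) {
    echo 'rejected at creation: ', $ex->getMessage(), PHP_EOL;
}
```

Output encoding is the control that matters for records already in the database; input validation only stops new ones from being stored.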