| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| vditor | npm | < 3.8.7 | 3.8.7 |
The vulnerability stems from unsanitized HTML being processed during paste operations. The patch adds a Lute.Sanitize() call to the paste handler in fixBrowserBehavior.ts, indicating that this sanitization step was the missing security check. In vulnerable versions the handler processes clipboard data without sanitizing it, making the paste handler the entry point for XSS payloads.
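The following is an added illustration of the pattern the advisory describes, not vditor's code: a minimal editor paste handler that either inserts clipboard HTML verbatim (the pre-3.8.7 behaviour) or passes it through an allowlist sanitizer first (the role Lute.Sanitize() plays in the fix). The `sanitizeHtml` function, `handlePaste`, the allowlists and the sample clipboard payload are all constructed for this example; a production editor should rely on a well-tested sanitizer library rather than the small regex-based stand-in shown here.

```javascript
"use strict";

// Allowlists used by the stand-in sanitizer (constructed for this example).
const ALLOWED_TAGS = new Set(["p", "br", "b", "i", "em", "strong", "a", "ul", "ol", "li", "code", "pre"]);
const ALLOWED_ATTRS = { a: new Set(["href", "title"]) };
// Only these URL schemes/forms survive in href; javascript:, data:, vbscript: are rejected.
const SAFE_URL = /^(?:https?:|mailto:|\/|#)/i;

// Keep only allowlisted attributes for a tag; drops on* handlers, style, and unsafe hrefs.
function sanitizeAttributes(tag, rawAttrs) {
  const allowed = ALLOWED_ATTRS[tag] || new Set();
  const out = [];
  const attrRe = /([^\s=\/"']+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  let m;
  while ((m = attrRe.exec(rawAttrs)) !== null) {
    const name = m[1].toLowerCase();
    const value = m[2] ?? m[3] ?? m[4] ?? "";
    if (!allowed.has(name)) continue;                                 // onerror=, onclick=, style=, ...
    if (name === "href" && !SAFE_URL.test(value.trim())) continue;    // javascript: and friends
    out.push(` ${name}="${value.replace(/"/g, "&quot;")}"`);
  }
  return out.join("");
}

// Allowlist sanitizer: removes script/style blocks with their content, strips every
// non-allowlisted tag (keeping its text), and filters attributes on the tags that remain.
// Regex-based HTML handling is illustrative only; real editors should use a vetted library.
function sanitizeHtml(html) {
  let s = html.replace(/<(script|style)\b[^>]*>[\s\S]*?<\/\1\s*>/gi, "");
  s = s.replace(/<\/?([a-zA-Z][a-zA-Z0-9]*)\b([^>]*)>/g, (whole, tagName, attrs) => {
    const tag = tagName.toLowerCase();
    if (!ALLOWED_TAGS.has(tag)) return "";          // unknown tag: drop the tag, keep its text
    if (whole.startsWith("</")) return `</${tag}>`;
    return `<${tag}${sanitizeAttributes(tag, attrs)}>`;
  });
  return s;
}

// Minimal model of an editor paste handler. `clipboardHtml` stands in for
// event.clipboardData.getData("text/html"); `insertHtml` stands in for writing into the
// editor's contenteditable area. With sanitize:false the clipboard HTML goes straight into
// the editor (the vulnerable behaviour); with sanitize:true it is cleaned first.
function handlePaste(clipboardHtml, { sanitize }) {
  const inserted = [];
  const insertHtml = (html) => inserted.push(html);
  insertHtml(sanitize ? sanitizeHtml(clipboardHtml) : clipboardHtml);
  return inserted.join("");
}

// Constructed sample clipboard payload of the kind a sanitizer must neutralize.
const SAMPLE_CLIPBOARD =
  '<p onclick="alert(1)">Hello <b>world</b></p>' +
  '<img src=x onerror="alert(1)">' +
  '<a href="javascript:alert(1)">link</a>' +
  '<script>alert(1)</script>';

console.log("unsanitized:", handlePaste(SAMPLE_CLIPBOARD, { sanitize: false }));
console.log("sanitized:  ", handlePaste(SAMPLE_CLIPBOARD, { sanitize: true }));
```

Running the block shows the sanitized path reducing the sample to `<p>Hello <b>world</b></p><a>link</a>`: the event-handler attributes, the `img` element, the `javascript:` href and the script block are all gone, while ordinary formatting survives. The important design point is that sanitization happens inside the paste handler itself, before anything touches the editor DOM, which is exactly where the advisory says the check was missing.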