-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability stemmed from unescaped output of user-controlled data in the GraylogController. The patch added htmlspecialchars() to sanitize the 'source' and 'message' fields in the formatMessage method. Since these values originated from external graylog messages (user-controllable input) and were embedded directly into HTML responses without contextual escaping, the pre-patch version of this function was the root cause of the XSS vulnerability.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| librenms/librenms | composer | < 22.4.0 | 22.4.0 |
PHPPHPOngoing coverage of React2Shell