| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| librenms/librenms | composer | < 22.10.0 | 22.10.0 |

Commit d86cbcd fixes XSS vulnerabilities by adding htmlentities() to escape $location_map['location'], $group_map['name'], and $device_map['hostname'] in print-alert-rules.php. The original code embedded these database-derived values directly into HTML without sanitization, making them XSS vectors. The vulnerable code is not in named functions; it is inline in the script, in the HTML generation loops within this file.
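The pattern described above, as an added example that is not LibreNMS code: a loop that concatenates stored values into HTML, next to the same loop with htmlentities() applied at output time. The array keys come from the advisory text; the row values, the function names, and the explicit flags passed to htmlentities() are assumptions made for this example.

```php
<?php
// Constructed rows standing in for database-derived values (not real data).
$location_map = ['location' => 'DC1 <img src=x onerror=alert(1)>'];
$group_map    = ['name'     => 'core "routers" & <b>edge</b>'];
$device_map   = ['hostname' => "sw01'><script>alert(1)</script>"];

// Hypothetical helper: a single escaper for HTML text and attribute contexts.
// The explicit flags and charset are this example's choice; the advisory only
// states that htmlentities() was added.
function esc(string $value): string
{
    return htmlentities($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// "Before" pattern: each value is concatenated into the markup as-is.
function render_unescaped(array $labels): string
{
    $html = '';
    foreach ($labels as $label) {
        $html .= '<span class="label">' . $label . '</span><br>';
    }
    return $html;
}

// "After" pattern: each value passes through the escaper when it is output.
function render_escaped(array $labels): string
{
    $html = '';
    foreach ($labels as $label) {
        $html .= '<span class="label">' . esc($label) . '</span><br>';
    }
    return $html;
}

// Regression check: remove the template's own tags; any '<' that remains
// was supplied by the data rather than by the template.
function has_data_markup(string $html): bool
{
    $stripped = str_replace(['<span class="label">', '</span><br>'], '', $html);
    return strpos($stripped, '<') !== false;
}

$labels = [$location_map['location'], $group_map['name'], $device_map['hostname']];

var_dump(has_data_markup(render_unescaped($labels)));
var_dump(has_data_markup(render_escaped($labels)));
echo render_escaped($labels), PHP_EOL;
```

A check like has_data_markup() can be run in a test suite against every template that renders stored names, so a loop that skips the escaper is caught before release.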