| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| librenms/librenms | composer | < 22.10.0 | 22.10.0 |

The GitHub commit 8e85698 shows three instances in `notifications.inc.php` where `$notif['title']` was output without escaping. The fix added `htmlentities()` to sanitize the output. Since notification titles are user-controlled (via stored data), the lack of escaping in these echo statements directly enabled stored XSS. The file path and vulnerability pattern match the CWE-79 description and patch context.
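
The unescaped-echo pattern and its `htmlentities()` fix, as an added illustration that is not taken from the LibreNMS source or from commit 8e85698. The function names, the `<h4>` wrapper, the explicit `ENT_QUOTES | ENT_SUBSTITUTE` flags and the sample rows are assumptions made for the example.

```php
<?php
declare(strict_types=1);

// Constructed sample rows standing in for stored notifications (not real LibreNMS data).
$notifications = [
    ['title' => 'Scheduled maintenance & upgrades'],
    ['title' => '<script>document.title="injected"</script>'],
];

// Before: the stored title is concatenated into the page as-is, so any
// markup saved in the title is parsed by the browser of whoever views it.
function render_title_unescaped(array $notif): string
{
    return '<h4 class="title">' . $notif['title'] . '</h4>';
}

// After: encode at output time. Explicit flags and charset (assumed here)
// keep the behaviour identical across PHP versions with different defaults.
function render_title_escaped(array $notif): string
{
    $title = htmlentities($notif['title'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<h4 class="title">' . $title . '</h4>';
}

// Regression-style check: once the wrapper is stripped, rendered output
// must contain no raw markup metacharacters.
function contains_raw_markup(string $html): bool
{
    $inner = preg_replace('~^<h4 class="title">|</h4>$~', '', $html);
    return strpbrk($inner, '<>"\'') !== false;
}

foreach ($notifications as $notif) {
    $raw  = render_title_unescaped($notif);
    $safe = render_title_escaped($notif);
    printf(
        "unescaped: %s  [raw markup: %s]\nescaped:   %s  [raw markup: %s]\n\n",
        $raw,
        contains_raw_markup($raw) ? 'yes' : 'no',
        $safe,
        contains_raw_markup($safe) ? 'yes' : 'no'
    );
}
```

A check like `contains_raw_markup()` can be run against every template that prints stored fields to catch any output site that still lacks escaping.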