CVSS Score: -

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| librenms/librenms | composer | < 22.10.0 | 22.10.0 |

Commit 8383376 fixes XSS in the destroy methods of both controllers by passing group names through `htmlentities()`. Before the fix, user-controlled group names were interpolated directly into HTML responses without escaping. These methods return deletion confirmation messages, so a group name containing an XSS payload would execute arbitrary JavaScript. The direct correlation between the vulnerability report and these specific code changes provides high confidence.
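
The pattern described above, as an added PHP example that is not the LibreNMS code from the commit: the function names, message text and sample group names are constructed for illustration. It puts the unescaped interpolation beside the `htmlentities()` form and adds a check that could serve as a regression test.

```php
<?php
// Added illustration, not LibreNMS code. All names and strings here are hypothetical.

// Before: the stored group name goes into the HTML response as-is.
function deletionMessageUnescaped(string $groupName): string
{
    return "Group {$groupName} deleted";
}

// After: the name is passed through htmlentities() before interpolation.
// Flags are explicit because the default was ENT_COMPAT (single quotes left
// alone) before PHP 8.1.
function deletionMessageEscaped(string $groupName): string
{
    $safe = htmlentities($groupName, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "Group {$safe} deleted";
}

// Regression check: true if any markup-significant character survived.
function containsRawMarkup(string $html): bool
{
    return preg_match('/[<>"\']/', $html) === 1;
}

// Constructed sample group names: one plain, three with markup-significant characters.
$samples = [
    'core-switches',
    '<script>alert(1)</script>',
    'a" onmouseover="alert(1)',
    "R&D 'lab'",
];

foreach ($samples as $name) {
    $before = deletionMessageUnescaped($name);
    $after  = deletionMessageEscaped($name);
    printf(
        "before raw-markup=%s | after raw-markup=%s\n  %s\n  %s\n",
        containsRawMarkup($before) ? 'yes' : 'no',
        containsRawMarkup($after) ? 'yes' : 'no',
        $before,
        $after
    );
}
```

The escaping is applied at output time, so names already stored with markup in them are rendered inert without a data migration.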