CVSS Score

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| jspreadsheet-ce | npm | < 4.6.0 | 4.6.0 |
The vulnerability manifests in dropdown menu rendering: user-controlled entries from the column's 'source' array are inserted into the DOM as markup without escaping. The reproduction example triggers XSS by placing an HTML element with an inline event handler (e.g. `<img onerror>`) in a dropdown option; the payload fires as soon as the option is rendered, with no click required. This indicates that the code handling dropdown rendering failed to escape or sanitize option text before assigning it to innerHTML (or an equivalent markup-building path) rather than setting it as text. Exact file paths are not visible in the provided resources, but the pattern matches the column-type handling code responsible for turning data source entries into interactive dropdown elements. Any deployment that lets untrusted users supply column definitions or dropdown options (for example, spreadsheet templates shared between users) is exposed until the upgrade to 4.6.0 is applied.
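The following is an added illustration of the pattern described above, not code from jspreadsheet-ce or its advisory. It contrasts a dropdown renderer that interpolates 'source' entries straight into markup with one that escapes them first, and includes a heuristic scan for option lists carrying markup. The function names, the markup shape, and the sample option list (including the `<img onerror>` payload) are assumptions constructed for the example; the renderers build HTML strings so the example runs outside a browser.

```javascript
// Added example, not jspreadsheet-ce code: a vulnerable dropdown renderer
// beside an escaping one. Markup shape and function names are assumed.

// Minimal HTML escaper for text placed inside element content or attributes.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Vulnerable pattern: each option lands in the markup verbatim, so an option
// containing <img onerror=...> becomes a live element once this string is
// assigned to innerHTML. Kept deliberately unsafe to show the bug.
function renderDropdownUnsafe(source) {
  return '<div class="dropdown">' +
    source.map(opt => `<div class="option">${opt}</div>`).join('') +
    '</div>';
}

// Hardened pattern: escape before interpolation, so markup in an option is
// displayed as literal text instead of being parsed.
function renderDropdownSafe(source) {
  return '<div class="dropdown">' +
    source.map(opt => `<div class="option">${escapeHtml(opt)}</div>`).join('') +
    '</div>';
}

// Rough check for untrusted option lists: flags entries that look like a tag
// or carry an inline event-handler attribute. A heuristic for triage only,
// not a substitute for escaping at render time.
function findSuspiciousOptions(source) {
  const tagOrHandler = /<\s*[a-z!\/]|\bon[a-z]+\s*=/i;
  return source.filter(opt => tagOrHandler.test(String(opt)));
}

// Constructed sample: two ordinary options plus one payload in the shape the
// advisory describes (an image element with an onerror handler).
const SAMPLE_SOURCE = ['Apples', 'Pears', '<img src=x onerror="alert(1)">'];

// Stand-alone run: show both renderings and the triage result.
console.log('unsafe:', renderDropdownUnsafe(SAMPLE_SOURCE));
console.log('safe:  ', renderDropdownSafe(SAMPLE_SOURCE));
console.log('flagged:', findSuspiciousOptions(SAMPLE_SOURCE));
```

In a real browser the cleaner fix is to avoid markup strings altogether: create each option with `document.createElement` and set its label through `textContent`, which needs no escaping function and cannot be bypassed by an entry that happens to contain a tag.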