| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| cockpit-hq/cockpit | composer | <= 2.6.3 | |
The vulnerability stems from unescaped output of user-controlled variables in HTML contexts. The patch adds `$this->escape()` around these variables in the view templates, which confirms that missing output encoding was the root cause. The affected parameters (e.g., API keys, URLs) are attacker-controllable inputs that are written straight into the rendered HTML without encoding, so a crafted value can break out of its element or attribute and inject script, enabling reflected XSS. Note that for URL-valued fields HTML escaping alone only closes the markup-injection path; a `javascript:` scheme placed in an `href` or `src` attribute survives escaping, so such values also need scheme validation.
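The following is an added illustration of the before/after pattern described above; it is not Cockpit's code. The `View` class, its `escape()` helper and the `api_key` and link fields are assumptions modelled on the advisory's description of the fix, written in plain PHP so it can be run stand-alone.

```php
<?php
// Added example, not Cockpit's code. The View class and escape() helper are
// assumptions modelled on the advisory's mention of $this->escape() being
// added in the view templates.

final class View
{
    /** HTML-encode a value for element content or a double/single-quoted attribute. */
    public function escape(string $value): string
    {
        // ENT_QUOTES also encodes ' so the result is safe in single-quoted
        // attributes; ENT_SUBSTITUTE keeps invalid UTF-8 from yielding ''.
        return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    }

    /** Vulnerable ("before"): the user-controlled value is interpolated verbatim. */
    public function renderUnsafe(string $apiKey): string
    {
        return '<input name="api_key" value="' . $apiKey . '">';
    }

    /** Fixed ("after"): the value is encoded for the attribute context. */
    public function renderSafe(string $apiKey): string
    {
        return '<input name="api_key" value="' . $this->escape($apiKey) . '">';
    }

    /**
     * URL-valued fields need more than HTML encoding: escape() blocks the
     * markup break-out but not a javascript: scheme inside href, so only
     * absolute http(s) URLs are passed through here (assumed policy).
     */
    public function renderLink(string $url): string
    {
        $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
        if (!in_array($scheme, ['http', 'https'], true)) {
            $url = '#';
        }
        return '<a href="' . $this->escape($url) . '">link</a>';
    }
}

// Constructed attacker input of the kind the advisory describes: it closes
// the value attribute and injects an element with an event handler.
$payload = '"><img src=x onerror=alert(document.domain)>';

$view = new View();
echo $view->renderUnsafe($payload), PHP_EOL;          // attribute broken out of, handler injected
echo $view->renderSafe($payload), PHP_EOL;            // quotes and angle brackets encoded, stays inert
echo $view->renderLink('javascript:alert(1)'), PHP_EOL; // scheme rejected, href replaced with '#'
```

Running the script side by side shows why the patch works: the encoded `&quot;` and `&gt;` in the second line never leave the attribute value, whereas the first line hands the browser a new `<img>` element with an `onerror` handler. The third case is the caveat for the URL parameters the advisory lists: escaping the value is necessary but not sufficient when it lands in `href`.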