CVSS Score: -

Basic Information

CVE ID: -
GHSA ID: -
EPSS Score: -
CWE: -
Published: -
Updated: -
KEV Status: -
Technology: -

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| librenms/librenms | composer | < 23.9.0 | 23.9.0 |
The vulnerability stems from user-controlled input being embedded directly into output contexts (HTML and JavaScript) without output encoding. In search.inc.php, the user-supplied $search_type variable was concatenated into an error message without escaping, giving a reflected XSS vector in the HTML context. In ipv4.inc.php, $_POST['interface'] and $_POST['address'] were inserted into JavaScript string literals without escaping, so a value that closes the literal (or the enclosing <script> element) can inject script. The patch wraps each of these variables in htmlspecialchars(), confirming that missing output encoding, not missing input validation, was the root cause. All three sinks reflect attacker-controlled input into executable contexts, so the finding is high-confidence. Two points a reviewer should check when assessing the fix: htmlspecialchars() only escapes single quotes when called with ENT_QUOTES (before PHP 8.1 the default was ENT_COMPAT, which leaves ' untouched, so a single-quoted JavaScript literal would still be breakable), and for a value placed inside a JavaScript string literal the context-correct encoder is json_encode() with the JSON_HEX_TAG, JSON_HEX_AMP, JSON_HEX_APOS and JSON_HEX_QUOT flags rather than HTML-entity encoding alone.
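The two output contexts described above, reduced to a stand-alone PHP script. This is an added example, not LibreNMS code: the function names, the HTML and script fragments, and the payloads are constructed to mirror the search.inc.php (HTML context) and ipv4.inc.php (JavaScript literal context) patterns, with each vulnerable form beside a hardened form. The JavaScript-context fix uses json_encode() as the stricter alternative to the htmlspecialchars() call the patch actually adds.

```php
<?php
// Added example reproducing the two sinks described in the advisory text.
// Not LibreNMS code: names, markup and payloads are constructed for illustration.

// --- HTML context (the search.inc.php pattern) ---------------------------

function render_search_error_vulnerable(string $search_type): string
{
    // User input lands directly in HTML; a tag with an event handler executes.
    return '<div class="alert alert-danger">Unknown search type: ' . $search_type . '</div>';
}

function render_search_error_fixed(string $search_type): string
{
    // ENT_QUOTES escapes both quote styles (not the default before PHP 8.1);
    // ENT_SUBSTITUTE stops htmlspecialchars() returning "" on invalid UTF-8.
    $safe = htmlspecialchars($search_type, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<div class="alert alert-danger">Unknown search type: ' . $safe . '</div>';
}

// --- JavaScript literal context (the ipv4.inc.php pattern) ---------------

function render_ipv4_script_vulnerable(string $interface, string $address): string
{
    // Closing the quote ( ';alert(1);// ) or the element ( </script><script>... )
    // is enough to run attacker script.
    return "<script>\n"
         . "var iface = '" . $interface . "';\n"
         . "var addr = '" . $address . "';\n"
         . "</script>";
}

function render_ipv4_script_fixed(string $interface, string $address): string
{
    // json_encode() produces a valid, quoted JS string literal. The HEX flags
    // turn < > & ' " into \uXXXX escapes, so neither the literal nor the
    // surrounding <script> element can be closed from inside the value.
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    return "<script>\n"
         . "var iface = " . json_encode($interface, $flags) . ";\n"
         . "var addr = " . json_encode($address, $flags) . ";\n"
         . "</script>";
}

// Constructed payloads, one per context.
$html_payload = '<img src=x onerror=alert(document.domain)>';
$js_payload   = "';alert(document.domain);//";

echo "HTML context, vulnerable:\n", render_search_error_vulnerable($html_payload), "\n\n";
echo "HTML context, fixed:\n",      render_search_error_fixed($html_payload), "\n\n";
echo "JS context, vulnerable:\n",   render_ipv4_script_vulnerable($js_payload, '10.0.0.1'), "\n\n";
echo "JS context, fixed:\n",        render_ipv4_script_fixed($js_payload, '10.0.0.1'), "\n";
```

Running it with `php example.php` prints each pair; in the vulnerable JavaScript output the payload terminates the `iface` literal and the `alert(...)` call becomes a statement of its own, while the fixed output keeps it as inert string content (`\u0027;alert(document.domain);\/\/`). The same script is a convenient regression check: if a future change swaps json_encode() for htmlspecialchars() without ENT_QUOTES on PHP older than 8.1, the single quote in `$js_payload` survives and the literal is breakable again.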