CVSS Score

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| librenms/librenms | composer | < 23.9.0 | 23.9.0 |

The vulnerability stems from unescaped output of the `address` POST parameter in the IPv4 search page template. The patch adds `htmlspecialchars()` to encode this value on output, confirming that the lack of output encoding was the root cause. Although no traditional function call is involved, the direct `<?php echo $_POST['address'] ?>` pattern in template rendering constitutes the vulnerable code pattern. The file path and line number are shown explicitly in the commit diff, and the XSS vulnerability type matches the unescaped output scenario.
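
The pattern described above, as an added example that is not LibreNMS code or the patch itself: a hypothetical search-form fragment rendered with and without `htmlspecialchars()`, followed by a round-trip check of the result. The markup, function names and sample inputs are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical search-form fragment. Only the "echo $_POST['address']" pattern
// and the htmlspecialchars() fix come from the advisory; the rest is assumed.

/** Vulnerable form: the request value is written into the page as-is. */
function render_unescaped(array $post): string
{
    $address = $post['address'] ?? '';
    return '<input type="text" name="address" value="' . $address . '">';
}

/** Patched form: HTML-encode on output, quotes included. */
function render_escaped(array $post): string
{
    $address = $post['address'] ?? '';
    if (!is_string($address)) { // address[]=x arrives as an array
        $address = '';
    }
    $safe = htmlspecialchars($address, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="address" value="' . $safe . '">';
}

/** True when the output is still one <input> whose value decodes to $input. */
function markup_intact(string $html, string $input): bool
{
    $ok = preg_match('/^<input type="text" name="address" value="([^"<>]*)">$/', $html, $m);
    return $ok === 1 && htmlspecialchars_decode($m[1], ENT_QUOTES) === $input;
}

// Constructed sample inputs: a plain address and a value carrying markup characters.
$samples = ['192.0.2.10', '"><b>injected</b>'];

foreach ($samples as $value) {
    $post = ['address' => $value];
    foreach (['render_unescaped', 'render_escaped'] as $render) {
        $html = $render($post);
        $state = markup_intact($html, $value) ? 'intact' : 'ALTERED';
        printf("%-17s %-8s %s\n", $render, $state, $html);
    }
}
```

The `markup_intact()` check can be reused as a regression test for any template that echoes a request value into an attribute: the rendered output must keep its structure and the encoded value must decode back to exactly what was submitted.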