CVSS Score

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| com.ibeetl:beetl | maven | <= 2.0.0 | |
The vulnerability manifests in two places: (1) the controller handling the `/index` endpoint does not sanitize the `keyword` request parameter before passing it to the view layer, and (2) the template engine outputs that parameter value without escaping. This matches the reflected XSS pattern in which user input flows from a request parameter into the HTTP response without proper neutralization. The advisory's PoC confirms payload delivery through this parameter, and since Beetl's template syntax requires escaping to be requested explicitly (the `!` operator), the root cause is most likely missing output encoding.
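The data flow described above, modelled as an added example in plain Java (this is not code from the advisory or from the Beetl project, and the `${...}` renderer is a stand-in that does not use Beetl's API): `indexVulnerable` binds the `keyword` parameter to the view unchanged, while `indexHardened` HTML-encodes it for element content first. The class and method names, the template and the sample input are assumptions.

```java
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class KeywordXssDemo {
    // Stand-in for the template engine: expands ${name} placeholders verbatim,
    // which mirrors the unescaped output the advisory describes (assumption).
    private static final Pattern PLACEHOLDER = Pattern.compile("\\$\\{(\\w+)\\}");
    static final String INDEX_TEMPLATE = "<h1>Results for: ${keyword}</h1>";

    static String render(String template, Map<String, String> model) {
        Matcher m = PLACEHOLDER.matcher(template);
        StringBuilder out = new StringBuilder();
        while (m.find()) {
            String value = model.getOrDefault(m.group(1), "");
            m.appendReplacement(out, Matcher.quoteReplacement(value));
        }
        m.appendTail(out);
        return out.toString();
    }

    // HTML entity encoding for text placed into element content; '&' first so
    // that already-produced entities are not double-encoded.
    static String htmlEscape(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                .replace("\"", "&quot;").replace("'", "&#x27;");
    }

    // Vulnerable pattern from the advisory: the request parameter is bound to
    // the view unchanged and the template prints it as-is.
    static String indexVulnerable(String keyword) {
        return render(INDEX_TEMPLATE, Map.of("keyword", keyword));
    }

    // Hardened: encode for the HTML context before the value reaches the view.
    static String indexHardened(String keyword) {
        return render(INDEX_TEMPLATE, Map.of("keyword", htmlEscape(keyword)));
    }

    public static void main(String[] args) {
        String input = "<i>term</i>"; // constructed input that carries markup
        // In the vulnerable path the tags reach the response intact; in the
        // hardened path they are rendered as literal text.
        System.out.println(indexVulnerable(input));
        System.out.println(indexHardened(input));
    }
}
```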