-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| django-markdownx | pip | <= 4.0.2 |
Miggo AIRoot Cause AnalysisThe vulnerability is a stored XSS in the upload functionality due to improper sanitization. In Django MarkdownX, the upload view (markdownx_upload) processes user-uploaded files and returns their metadata. If the filename or content is not sanitized, it can be injected into the Markdown output as part of image tags or URLs. Since the advisory explicitly implicates the upload functionality and lack of JavaScript sanitization, the most likely culprit is the upload handler responsible for processing and returning file metadata to the client.
A Semantic Attack on Google Gemini - Read the Latest Research