| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| icecoder/icecoder | composer | <= 8.1 | |
The vulnerability stems from unsanitized use of the $_REQUEST['command'] parameter in lib/terminal-xhr.php. The code incorporates this user-controlled input directly into HTML output via the returnHTMLPromptCommand() function without any output encoding. The provided PoC demonstrates executable script injection through the command parameter, which is reflected back in the JSON response. Because the function builds HTML markup from raw user input, it is the primary vulnerable component.
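The following is an added illustration of the pattern described above, not ICEcoder's own code: a request parameter concatenated into an HTML prompt line that is then wrapped in a JSON reply, shown beside the encoded form. Function names and the sample input are constructed for the example.

```php
<?php
// Added example, not code from icecoder/icecoder. Function names are hypothetical.

// Vulnerable shape: the raw parameter value is spliced into HTML markup.
function renderPromptVulnerable(string $command): string
{
    return '<span class="prompt">$ </span>' . $command . '<br>';
}

// Hardened shape: encode for an HTML text context before concatenation.
// ENT_QUOTES also encodes ' and " so the value is safe inside attributes too.
function renderPromptSafe(string $command): string
{
    $encoded = htmlspecialchars($command, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<span class="prompt">$ </span>' . $encoded . '<br>';
}

// Wrap the HTML fragment in the JSON body the client receives. json_encode()
// protects the JSON layer only (it escapes " \ and /); after JSON.parse() on
// the client the HTML string is exactly what was concatenated server-side, so
// markup that was never encoded is inserted into the DOM as live elements.
function buildResponse(string $command, bool $hardened): string
{
    $html = $hardened ? renderPromptSafe($command) : renderPromptVulnerable($command);
    return json_encode(['html' => $html]);
}

// Simple check a reviewer can apply to the fragment: after decoding the JSON,
// no raw tag delimiters from the user-controlled part should remain.
function fragmentHasRawTags(string $json): bool
{
    $html = json_decode($json, true)['html'];
    $userPart = substr($html, strlen('<span class="prompt">$ </span>'));
    return strpbrk($userPart, '<>') !== false;
}

// Constructed sample value standing in for $_REQUEST['command'].
$sample = 'ls <script>evil()</script>';

$bad  = buildResponse($sample, false);
$good = buildResponse($sample, true);

echo $bad, PHP_EOL;   // <script> survives; a client inserting this HTML executes it
echo $good, PHP_EOL;  // < and > arrive as &lt; and &gt; and render as text

var_dump(fragmentHasRawTags($bad));   // bool(true)
var_dump(fragmentHasRawTags($good));  // bool(false)
```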