6.3

CVSS Score

3.1

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

GHSA-qwj6-q94f-8425

GHSA-qwj6-q94f-8425: MathLive's Lack of Escaping of HTML allows for XSS

Summary

Despite normal text rendering as LaTeX expressions, preventing XSS, the library also provides users with commands which may modify HTML, such as the \htmlData command, and the lack of escaping leads to XSS.

Details

Overall in the code, other than in the test folder, no functions escaping HTML can be seen.

PoC

Go to https://cortexjs.io/mathlive/demo/
Paste either \htmlData{><img/onerror=alert(1)"src=}{} or \htmlData{x=" ><img/onerror=alert(1) src>}{} in the LaTeX textarea.

Impact

MathLive users who render untrusted mathematical expressions could encounter malicious input using \htmlData that runs arbitrary JavaScript, or generate invalid HTML.

(GitHub Advisory)

Miggo Vulnerability Database

→

GHSA-qwj6-q94f-8425

GHSA-qwj6-q94f-8425:

6.3

CVSS Score

3.1

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
mathlive	npm	<= 0.103.0	0.104.0

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from the Box class's HTML generation in box.ts. The commit diff shows multiple locations where attribute values were previously concatenated directly into HTML strings without sanitization (class, id, data-* attributes). The patch introduced sanitizeAttributeName/sanitizeAttributeValue functions to address this. The Box.toMarkup method was the primary HTML generation point handling user-controlled input from LaTeX commands like \htmlData, making it the vulnerable entry point. The high confidence comes from direct evidence in the patch modifying this method's attribute handling and the vulnerability's PoC demonstrating HTML injection through DOM attributes.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

6.3

-

Basic Information

Basic Information

Concerned about an active attack path?

GHSA-qwj6-q94f-8425: MathLive's Lack of Escaping of HTML allows for XSS

Summary

Details

PoC

Impact

GHSA-qwj6-q94f-8425:

6.3

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

GHSA-qwj6-q94f-8425: MathLive's Lack of Escaping of HTML allows for XSS

Summary

Details

PoC

Impact

Technical Details

6.3

6.3

Basic Information

Basic Information

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI