Advisory 1: CVE-2025-45879

[Suggested description]
A reflected cross-site scripting (XSS) vulnerability in the e-mail manager function of Miliaris Amigdala v2.2.6 allows attackers to execute arbitrary HTML in the context of a user's browser via a crafted payload.

------------------------------------------

[Additional Information]
Vulnerable parameter reportEngineId
Payload

------------------------------------------

[Vulnerability Type]
Cross Site Scripting (XSS)

------------------------------------------

[Vendor of Product]
Miliaris

------------------------------------------

[Affected Product Code Base]
Amigdala - 2.2.6

------------------------------------------

[Affected Component]
Amigdala web Application

------------------------------------------

[Attack Type]
Remote

------------------------------------------

[Impact Information Disclosure]
true

------------------------------------------

[CVE Impact Other]
Run Arbitrary Javascript code

------------------------------------------

[Attack Vectors]
Crafted URL

------------------------------------------

[Reference]
https://www.miliaris.it/

------------------------------------------

[Discoverer]
Marco Nappi

------------------------------------------

Advisory 2: CVE-2025-45880

[Suggested description]
A reflected cross-site scripting (XSS) vulnerability in the data resource management function of Miliaris Amigdala v2.2.6 allows attackers to execute arbitrary HTML in the context of a user's browser via a crafted payload.

------------------------------------------

[Additional Information]
Vulnerable Parameter mailSessionId

------------------------------------------

[Vulnerability Type]
Cross Site Scripting (XSS)

------------------------------------------

[Vendor of Product]
Miliaris

------------------------------------------

[Affected Product Code Base]
Amigdala - 2.2.6

------------------------------------------

[Affected Component]
Amigdala web Application

------------------------------------------

[Attack Type]
Remote

------------------------------------------

[Impact Information Disclosure]
true

------------------------------------------

[CVE Impact Other]
Run Arbitrary JS code

------------------------------------------

[Attack Vectors]
Crafted URL

------------------------------------------

[Reference]
https://www.miliaris.it/

------------------------------------------

[Has vendor confirmed or acknowledged the vulnerability?]
true

------------------------------------------

[Discoverer]
Marco Nappi

------------------------------------------

Advisory 3: CVE-2025-45878

[Suggested description]
A reflected cross-site scripting (XSS) vulnerability in the report manager function of Miliaris Amigdala v2.2.6 allows attackers to execute arbitrary HTML in the context of a user's browser via a crafted payload.

------------------------------------------

[Additional Information]
Vulnerable Parameter datasourceId

------------------------------------------

[Vulnerability Type]
Cross Site Scripting (XSS)

------------------------------------------

[Vendor of Product]
Miliaris

------------------------------------------

[Affected Product Code Base]
Amigdala - 2.2.6

------------------------------------------

[Affected Component]
Amigdala web Application

------------------------------------------

[Attack Type]
Remote

------------------------------------------

[Impact Information Disclosure]
true

------------------------------------------

[CVE Impact Other]
Run Arbitrary Javascript code

------------------------------------------

[Attack Vectors]
Crafted URL

------------------------------------------

[Reference]
https://www.miliaris.it/

------------------------------------------

[Discoverer]
Marco Nappi

------------------------------------------