dweeves/magmi-git is vulnerable to cross-site scripting (XSS) and arbitrary code execution attacks. The attacks are possible because user-supplied data (prefix) are being input to the magmi-git-master/magmi/web/ajax_gettime.php
URL without enough filtering.