BIT-neos-2022-30429

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/neos/BIT-neos-2022-30429.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-neos-2022-30429

Aliases

Published

2024-03-06T10:58:28.306Z

Modified

2024-03-06T11:25:28.861Z

Summary

[none]

Details

Multiple cross-site scripting (XSS) vulnerabilities in Neos CMS allow attackers with the editor role or higher to inject arbitrary script or HTML code using the editor function, the deletion of assets, or a workspace title. The vulnerabilities were found in versions 3.3.29 and 8.0.1 and could also be present in all intermediate versions.

Database specific

{
    "cpes": [
        "cpe:2.3:a:neos:neos_cms:*:*:*:*:*:*:*:*"
    ],
    "severity": "Medium"
}

References

Affected packages

Bitnami / neos

Package

Name: neos
Purl: pkg:bitnami/neos

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

3.3.0

Fixed

5.3.10

Introduced

7.0.0

Fixed

7.0.9

Introduced

7.1.0

Fixed

7.1.7

Introduced

7.2.0

Fixed

7.2.6

Introduced

7.3.0

Fixed

7.3.4

Introduced

8.0.0

Fixed

8.0.2