GHSA-gp82-xr77-88f4

Suggest an improvement
Source
https://github.com/advisories/GHSA-gp82-xr77-88f4
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/07/GHSA-gp82-xr77-88f4/GHSA-gp82-xr77-88f4.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-gp82-xr77-88f4
Aliases
  • CVE-2018-7261
Published
2018-07-27T17:08:29Z
Modified
2023-11-08T04:00:22.435839Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
radiant vulnerable to Cross-site Scripting
Details

There are multiple Persistent XSS vulnerabilities in Radiant CMS 1.1.4. They affect Personal Preferences (Name and Username) and Configuration (Site Title, Dev Site Domain, Page Parts, and Page Fields).

Database specific 
{
    "cwe_ids": [
        "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:37:47Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
}
References

Affected packages

RubyGems / radiant

Package

Name
radiant
Purl
pkg:gem/radiant

Affected ranges

Affected versions

1.*
1.1.4

Database specific

source 
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/07/GHSA-gp82-xr77-88f4/GHSA-gp82-xr77-88f4.json"