CVE-2019-7410

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-7410

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-7410.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-7410

Published

2020-08-14T14:15:12Z

Modified

2025-01-14T08:05:33.350923Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

There is stored cross site scripting (XSS) in Galileo CMS v0.042. Remote authenticated users could inject arbitrary web script or HTML via $page_title in /lib/Galileo/files/templates/page/show.html.ep (aka the PAGE TITLE Field).

References

Affected packages

Git / github.com/jberger/galileo

Affected ranges

Type: GIT
Repo: https://github.com/jberger/galileo
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

4820ebf4c74a5d97f727ed995759902075571abc

Affected versions

0.*

0.001

0.002

0.0038

0.004

0.005

0.006

0.007

0.008

0.009

0.010

0.011

0.012

0.013

0.014

0.015

0.016

0.017

0.018

0.019

0.020

0.021

0.022

0.023

0.024

0.025

0.026

0.027

0.028

0.029

0.030

0.031

0.032

0.033

0.034

0.035

0.036

0.037

0.039

0.040

0.041

0.042