GHSA-73wv-rgj7-vjj9
Suggest an improvement- Source
- https://github.com/advisories/GHSA-73wv-rgj7-vjj9
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-73wv-rgj7-vjj9/GHSA-73wv-rgj7-vjj9.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-73wv-rgj7-vjj9
- Aliases
-
- CVE-2021-28380
- Published
- 2022-05-24T17:44:38Z
- Modified
- 2024-02-16T08:18:47.552327Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- Aimeos Typo3 extension contains Cross-site Scripting vulnerability
- Details
-
The aimeos (aka Aimeos shop and e-commerce framework) extension before 19.10.12 and 20.x before 20.10.5 for TYPO3 allows Cross-site Scripting (XSS) via a backend user account.
- Database specific
{ "nvd_published_at": "2021-03-16T20:15:00Z", "cwe_ids": [ "CWE-79" ], "github_reviewed_at": "2023-07-10T23:06:27Z", "github_reviewed": true, "severity": "MODERATE" }- References
Affected packages
Packagist / aimeos/aimeos-typo3
Package
- Name
- aimeos/aimeos-typo3
- Purl
- pkg:composer/aimeos/aimeos-typo3
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed19.10.12
Affected versions
16.*
16.7.0
16.7.1
16.7.2
16.10.0
16.10.1
16.10.2
16.10.3
16.10.4
16.10.5
17.*
17.3.0
17.4.0
17.4.1
17.4.2
17.7.0
17.7.1
17.7.2
17.10.0
17.10.1
17.10.2
17.10.3
17.10.4
18.*
18.1.0
18.1.1
18.4.0
18.4.1
18.4.2
18.7.0
18.7.1
18.7.2
18.7.3
18.10.0
18.10.1
18.10.2
18.10.3
18.10.4
18.10.5
18.10.6
18.10.7
18.10.8
18.10.9
18.10.10
18.10.11
19.*
19.1.0
19.4.1
19.4.2
19.4.3
19.7.1
19.7.2
19.7.3
19.10.1
19.10.2
19.10.3
19.10.4
19.10.5
19.10.6
19.10.7
19.10.8
19.10.9
19.10.10
19.10.11
Packagist / aimeos/aimeos-typo3
Package
- Name
- aimeos/aimeos-typo3
- Purl
- pkg:composer/aimeos/aimeos-typo3