GHSA-3862-fmr3-4f3h

Source
https://github.com/advisories/GHSA-3862-fmr3-4f3h
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/06/GHSA-3862-fmr3-4f3h/GHSA-3862-fmr3-4f3h.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-3862-fmr3-4f3h
Aliases
  • CVE-2023-33725
Published
2023-06-21T18:31:08Z
Modified
2023-11-08T04:12:41.481965Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Broadleaf vulnerable to Cross-site Scripting
Details

Broadleaf 5.x and 6.x (including 5.2.25-GA and 6.2.6-GA) were discovered to contain a cross-site scripting (XSS) vulnerability (CWE-79) via a crafted email address submitted during customer signup. This is fixed in 6.2.7-GA; the affected range below runs from 5.0.0-GA up to, but not including, 6.2.7-GA.
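The following is an added example illustrating the bug class named above; it is not Broadleaf's code and does not reproduce the project's signup handler or templates. It shows why an email field is a credible XSS sink: RFC 5322 permits a quoted local part, so an address whose local part is `"<script>…</script>"` can pass a permissive "looks like an email" check and still carry markup. The hypothetical page handler and template, the `is_acceptable_email` policy and the payload are all constructed for the demonstration; the two controls it contrasts are strict server-side validation of the address shape and HTML output encoding at the point of rendering.

```python
"""Added example (not Broadleaf code): a crafted signup e-mail address that
becomes an XSS payload when echoed into HTML without encoding, beside the two
independent controls that close it. Handler, template and payload are
hypothetical stand-ins, constructed for this demonstration."""
import html
import re

# Constructed payload. The local part uses RFC 5322 quoted-string syntax, so a
# permissive validator can accept this as a syntactically valid address.
CRAFTED_EMAIL = '"<script>alert(document.cookie)</script>"@example.com'

# Conservative address shape: unquoted local part drawn from a safe character
# set, a dotted domain, no whitespace, no HTML metacharacters. This is
# deliberately narrower than RFC 5322; rejecting rare-but-valid quoted forms
# is the right trade-off for a customer signup form.
_EMAIL_RE = re.compile(
    r"^[A-Za-z0-9._%+-]{1,64}@(?:[A-Za-z0-9-]{1,63}\.)+[A-Za-z]{2,63}$"
)


def is_acceptable_email(addr: str) -> bool:
    """Server-side validation: reject before the value is stored or rendered."""
    return len(addr) <= 254 and _EMAIL_RE.fullmatch(addr) is not None


def render_vulnerable(email: str) -> str:
    """Hypothetical confirmation page that interpolates the address raw.
    This is the bug class being discussed, not a copy of any real template."""
    return f"<p>Welcome, {email}! Check your inbox to confirm.</p>"


def render_safe(email: str) -> str:
    """HTML-body context: encode at the output point regardless of what
    validation did upstream (defence in depth)."""
    return f"<p>Welcome, {html.escape(email, quote=True)}! Check your inbox to confirm.</p>"


def signup(email: str) -> str:
    """Hardened flow: validate on input, encode on output. Raises on bad input."""
    if not is_acceptable_email(email):
        raise ValueError("rejected e-mail address")
    return render_safe(email)


def contains_active_markup(rendered: str) -> bool:
    """Crude oracle: does the rendered output still carry a live <script> tag?"""
    return "<script" in rendered.lower()


if __name__ == "__main__":
    print(render_vulnerable(CRAFTED_EMAIL))   # script tag lands in the page
    print(render_safe(CRAFTED_EMAIL))         # &lt;script&gt;... is inert text
    print(is_acceptable_email(CRAFTED_EMAIL)) # False: never reaches storage
    print(is_acceptable_email("alice.smith+shop@example.co.uk"))  # True
```

Both controls matter on their own: validation stops the address from being persisted (which is what turns a one-off reflection into a stored payload that fires for every administrator or customer who later views the account), and output encoding protects any template that renders an address which reached the database by another path, such as an import or an older, more permissive form.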

Database specific
{
    "nvd_published_at": "2023-06-21T16:15:11Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2023-06-21T21:59:31Z"
}
References

Affected packages

Maven / org.broadleafcommerce:broadleaf

Package

Name
org.broadleafcommerce:broadleaf
Purl
pkg:maven/org.broadleafcommerce/broadleaf

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.0.0-GA
Fixed
6.2.7-GA
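As an added example (not OSV's or Broadleaf's own tooling), the following evaluates the ECOSYSTEM range above against a concrete artifact version. OSV ranges are half-open: a version is affected from an "introduced" event up to, but excluding, the matching "fixed" event. The version comparison is a simplified model of Maven ordering that is sufficient for Broadleaf's `MAJOR.MINOR.PATCH-GA` scheme (a missing qualifier or `GA` is a release; any other qualifier such as `SNAPSHOT` or `RC1` sorts before the release with the same numbers); that model, the `check_purl` helper and the event list are assumptions made for this example.

```python
"""Added example (not OSV or Broadleaf tooling): deciding whether a Maven
artifact version falls inside the GHSA-3862-fmr3-4f3h affected range.
The version comparator is a simplification of Maven ordering, assumed here
to be adequate for Broadleaf's MAJOR.MINOR.PATCH-GA versions."""
import re

# The affected range exactly as the advisory lists it (events in order).
GHSA_3862_RANGE = [
    {"introduced": "5.0.0-GA"},
    {"fixed": "6.2.7-GA"},
]
AFFECTED_PURL = "pkg:maven/org.broadleafcommerce/broadleaf"

_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:-([A-Za-z0-9.]+))?$")


def parse_version(v: str) -> tuple:
    """Return a sortable key. Numeric parts compare numerically and are padded
    to three places (6.2 == 6.2.0). 'GA' or no qualifier is a release
    (rank 1); anything else (SNAPSHOT, RC1, ...) is a pre-release of the same
    numbers (rank 0), so 6.2.7-SNAPSHOT < 6.2.7-GA. Simplified Maven rules."""
    m = _VERSION_RE.match(v.strip())
    if not m:
        raise ValueError(f"unrecognised version: {v!r}")
    nums = [int(x) for x in m.group(1).split(".")]
    nums += [0] * (3 - len(nums))
    qualifier = (m.group(2) or "GA").upper()
    rank = 1 if qualifier == "GA" else 0
    return (tuple(nums), rank, qualifier if rank == 0 else "")


def is_affected(version: str, events: list) -> bool:
    """Walk OSV events in ascending order: 'introduced' opens a vulnerable
    window, 'fixed' closes it (exclusive upper bound). The advisory above has
    no 'last_affected' event, so that inclusive form is not handled here."""
    key = parse_version(version)
    affected = False
    for ev in events:
        if "introduced" in ev:
            start = ev["introduced"]
            if start == "0" or key >= parse_version(start):
                affected = True
        elif "fixed" in ev:
            if key >= parse_version(ev["fixed"]):
                affected = False
    return affected


def check_purl(purl: str) -> bool:
    """Given a versioned purl (pkg:maven/group/artifact@version), report
    whether it is inside the advisory's range. Other packages never match."""
    base, sep, version = purl.partition("@")
    if not sep or base != AFFECTED_PURL:
        return False
    return is_affected(version, GHSA_3862_RANGE)


if __name__ == "__main__":
    for v in ("4.1.0-GA", "5.0.0-GA", "5.2.25-GA", "6.2.6-GA", "6.2.7-GA", "7.0.0-GA"):
        print(f"{v:>10}  affected={is_affected(v, GHSA_3862_RANGE)}")
```

The check is deliberately strict about the purl's package identity: a different `groupId` or `artifactId` is never reported as affected, which matches how OSV scopes an advisory to one package entry. For production use, resolve the version from the built artifact (the effective POM or the deployed JAR's manifest) rather than from a declared range in `pom.xml`, since a version range or a BOM can resolve to a different release than the one written in source.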