GHSA-63c6-w556-3h7q

Source

https://github.com/advisories/GHSA-63c6-w556-3h7q

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/05/GHSA-63c6-w556-3h7q/GHSA-63c6-w556-3h7q.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-63c6-w556-3h7q

Aliases

CVE-2023-2862

Published

2023-05-24T12:30:17Z

Modified

2024-02-16T08:18:30.836932Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

SSCMS vulnerable to Cross Site Scripting

Details

A vulnerability, which was classified as problematic, was found in SiteServer CMS up to 7.2.1. Affected is an unknown function of the file /api/stl/actions/search. The manipulation of the argument ajaxDivId leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-229818 is the identifier assigned to this vulnerability.

Database specific

{
    "nvd_published_at": "2023-05-24T10:15:09Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2023-05-24T17:33:51Z"
}

References

Affected packages

NuGet / SSCMS

Package

Name: SSCMS; View open source insights on deps.dev
Purl: pkg:nuget/SSCMS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

7.2.1

Affected versions

1.*

1.0.0-preview4

7.*

7.0.0

7.0.1

7.0.2

7.0.3

7.0.4

7.0.5

7.0.6

7.0.7

7.0.8

7.0.9

7.0.10

7.0.12

7.1.0

7.1.1

7.1.2

7.1.3

7.2.0

7.2.1