GHSA-6hv3-9fqx-8pg5

Source

https://github.com/advisories/GHSA-6hv3-9fqx-8pg5

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/01/GHSA-6hv3-9fqx-8pg5/GHSA-6hv3-9fqx-8pg5.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-6hv3-9fqx-8pg5

Aliases

CVE-2016-15022

Published

2023-01-29T21:34:04Z

Modified

2024-02-16T08:12:55.459155Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

CImage Cross-site Scripting vulnerability

Details

A vulnerability was found in mosbth cimage up to 0.7.18. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file checksystem.php. The manipulation of the argument $SERVER['SERVER_SOFTWARE'] leads to cross site scripting. The attack can be launched remotely. Upgrading to version 0.7.19 is able to address this issue. The name of the patch is 401478c8393989836beeddfeac5ce44570af162b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-219715.

Database specific

{
    "nvd_published_at": "2023-01-29T19:15:00Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2023-10-20T22:38:29Z"
}

References

Affected packages

Packagist / mos/cimage

Package

Name: mos/cimage
Purl: pkg:composer/mos/cimage

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.7.19

Affected versions

v0.*

v0.7.1

v0.7.2

v0.7.3

v0.7.4

v0.7.5

v0.7.6

v0.7.7

v0.7.8

v0.7.9

v0.7.10

v0.7.11

v0.7.12

v0.7.13

v0.7.14

v0.7.15

v0.7.16

v0.7.17

v0.7.18