GHSA-6pvw-hh48-jx7p
Suggest an improvement- Source
- https://github.com/advisories/GHSA-6pvw-hh48-jx7p
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-6pvw-hh48-jx7p/GHSA-6pvw-hh48-jx7p.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-6pvw-hh48-jx7p
- Aliases
- Published
- 2022-05-17T02:14:13Z
- Modified
- 2024-02-16T07:56:41.518134Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- Craft CMS XSS Vulnerability
- Details
-
Craft CMS before 2.6.2982 allows for a potential XSS attack vector by uploading a malicious SVG file.
- Database specific
{ "nvd_published_at": "2017-06-08T13:29:00Z", "cwe_ids": [ "CWE-79" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2023-07-27T22:18:47Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2017-9516
- https://craftcms.com/changelog#2-6-2982
- https://github.com/craftcms/cms
- https://packetstormsecurity.com/files/142851/Craft-CMS-2.6-Cross-Site-Scripting-File-Upload.html
- https://twitter.com/CraftCMS/status/872599894912937984
- https://www.exploit-db.com/exploits/42143
Affected packages
Packagist / craftcms/cms
Package
- Name
- craftcms/cms
- Purl
- pkg:composer/craftcms/cms
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.6.2982
Affected versions
1.*
1.0.26.1
1.2.0-alpha.2310
1.2.0-alpha.2312
1.2.0-alpha.2316
1.2.0-alpha.2318
1.2.0-alpha.2319
1.2.0-alpha.2322
1.2.0-alpha.2323
1.2.0-alpha.2324
1.2.0-alpha.2328
1.2.0-alpha.2329
1.2.0-alpha.2332
1.2.2333
1.2.2335
1.2.2336
1.2.2337
1.2.2339
1.2.2358
1.2.2363
1.2.2367
1.2.2371
1.2.2375
1.2.2387
1.2.2392
1.2.2396
1.2.2399
1.3.0-alpha.2361
1.3.0-alpha.2366
1.3.0-alpha.2372
1.3.0-alpha.2374
1.3.0-alpha.2377
1.3.0-alpha.2378
1.3.0-alpha.2380
1.3.0-alpha.2388
1.3.0-alpha.2394
1.3.0-alpha.2397
1.3.0-alpha.2401
1.3.0-alpha.2402
1.3.0-alpha.2405
1.3.0-alpha.2464
1.3.2409
1.3.2410
1.3.2415
1.3.2416
1.3.2418
1.3.2419
1.3.2420
1.3.2422
1.3.2456
1.3.2459
1.3.2461
1.3.2462
1.3.2465
1.3.2473
1.3.2485
1.3.2486
1.3.2487
1.3.2494
1.3.2496
1.3.2507
1.4.0-alpha.2469
1.4.0-alpha.2470
1.4.0-alpha.2471
1.4.0-alpha.2476
1.4.0-alpha.2478
1.4.0-alpha.2479
1.4.0-alpha.2482
1.4.0-alpha.2484
1.4.0-alpha.2488
1.4.0-alpha.2489
1.4.0-alpha.2490
1.4.0-alpha.2491
1.4.0-alpha.2492
1.4.0-alpha.2493
1.4.0-alpha.2495
1.4.0-alpha.2497
1.4.0-alpha.2498
1.4.0-alpha.2499
1.4.0-alpha.2500
1.4.0-alpha.2502
1.4.0-alpha.2503
1.4.0-alpha.2505
1.4.0-alpha.2506
1.4.0-alpha.2509
1.4.0-alpha.2512
1.4.0-alpha.2513
1.4.0-alpha.2519
1.4.0-alpha.2521
2.*
2.0.2524
2.0.2525
2.0.2527
2.0.2528
2.0.2532
2.0.2533
2.0.2535
2.0.2536
2.0.2537
2.0.2538
2.0.2539
2.0.2540
2.0.2541
2.0.2542
2.0.2543
2.0.2548
2.0.2549
2.0.2551
2.1.0-alpha.2546
2.1.0-alpha.2547
2.1.0-alpha.2552
2.1.2554
2.1.2555
2.1.2556
2.1.2557
2.1.2559
2.1.2561
2.1.2562
2.1.2563
2.1.2564
2.1.2566
2.1.2568
2.1.2569
2.1.2570
2.2.0-alpha.2572
2.2.0-alpha.2575
2.2.0-alpha.2578
2.2.2579
2.2.2581
2.2.2582
2.2.2586
2.2.2587
2.2.2588
2.2.2589
2.2.2590
2.2.2591
2.2.2592
2.2.2593
2.2.2596
2.2.2598
2.2.2601
2.2.2604
2.2.2607
2.3.0-alpha.2600
2.3.0-alpha.2602
2.3.0-alpha.2603
2.3.0-alpha.2605
2.3.0-alpha.2606
2.3.0-alpha.2608
2.3.0-alpha.2610
2.3.0-alpha.2612
2.3.0-alpha.2645
2.3.2615
2.3.2616
2.3.2617
2.3.2618
2.3.2620
2.3.2621
2.3.2623
2.3.2624
2.3.2625
2.3.2626
2.3.2627
2.3.2629
2.3.2632
2.3.2635
2.3.2636
2.3.2639
2.3.2640
2.3.2641
2.3.2642
2.3.2643
2.3.2644
2.4.2664
2.4.2666
2.4.2667
2.4.2668
2.4.2669
2.4.2670
2.4.2675
2.4.2677
2.4.2679
2.4.2682
2.4.2684
2.4.2688
2.4.2691
2.4.2692
2.4.2693
2.4.2695
2.4.2696
2.4.2697
2.4.2698
2.4.2699
2.4.2700
2.4.2701
2.4.2702
2.4.2723
2.4.2725
2.4.2726
2.5.0-beta.2713
2.5.0-beta.2715
2.5.0-beta.2716
2.5.0-beta.2717
2.5.0-beta.2720
2.5.0-beta.2722
2.5.0-beta.2724
2.5.0-beta.2727
2.5.0-beta.2740
2.5.2750
2.5.2752
2.5.2753
2.5.2754
2.5.2755
2.5.2757
2.5.2759
2.5.2760
2.5.2761
2.5.2762
2.5.2763
2.5.2765
2.5.2767
2.6.2771
2.6.2773
2.6.2774
2.6.2776
2.6.2778
2.6.2779
2.6.2780
2.6.2781
2.6.2783
2.6.2784
2.6.2785
2.6.2788
2.6.2789
2.6.2791
2.6.2793
2.6.2794
2.6.2795
2.6.2796
2.6.2797
2.6.2798
2.6.2804
2.6.2903
2.6.2911
2.6.2916
2.6.2922
2.6.2923
2.6.2929
2.6.2930
2.6.2931
2.6.2940
2.6.2944
2.6.2945
2.6.2949
2.6.2950
2.6.2951
2.6.2952
2.6.2953
2.6.2954
2.6.2955
2.6.2956
2.6.2957
2.6.2958
2.6.2959
2.6.2960
2.6.2961
2.6.2962
2.6.2963
2.6.2964
2.6.2965
2.6.2966
2.6.2967
2.6.2968
2.6.2969
2.6.2970
2.6.2971
2.6.2972
2.6.2973
2.6.2974
2.6.2975
2.6.2976
2.6.2977
2.6.2978
2.6.2979
2.6.2980
2.6.2981