GHSA-79hv-pfx6-hhpj

Suggest an improvement
Source
https://github.com/advisories/GHSA-79hv-pfx6-hhpj
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/03/GHSA-79hv-pfx6-hhpj/GHSA-79hv-pfx6-hhpj.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-79hv-pfx6-hhpj
Aliases
Published
2021-03-12T21:34:02Z
Modified
2023-11-08T04:05:28.152861Z
Summary
Cross-site scripting (XSS)
Details

Cross-site scripting (XSS) in modules/content/admin/content.php in ImpressCMS profile 1.4.2 allows remote attackers to inject arbitrary web script or HTML parameters through the "Display Name" field.

Database specific 
{
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-79"
    ],
    "github_reviewed_at": "2021-03-12T19:56:01Z",
    "nvd_published_at": "2021-03-11T17:15:00Z",
    "severity": "MODERATE"
}
References

Affected packages

Packagist / impresscms/impresscms

Package

Name
impresscms/impresscms
Purl
pkg:composer/impresscms/impresscms

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
1.4.2