GHSA-8vj9-5v5q-fhch
Suggest an improvement- Source
- https://github.com/advisories/GHSA-8vj9-5v5q-fhch
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/04/GHSA-8vj9-5v5q-fhch/GHSA-8vj9-5v5q-fhch.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-8vj9-5v5q-fhch
- Aliases
-
- CVE-2024-27609
- Published
- 2024-04-01T00:30:43Z
- Modified
- 2024-11-08T22:23:17.347758Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- 5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N CVSS Calculator
- Summary
- Bonita cross-site scripting vulnerability
- Details
-
Bonita before 10.1.0.W11 allows stored XSS via a UI screen in the administration panel.
- Database specific
{ "nvd_published_at": "2024-04-01T00:15:49Z", "cwe_ids": [ "CWE-79" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-04-01T15:52:49Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2024-27609
- https://github.com/bonitasoft/bonita-engine/commit/15dc60a99d97f9407b5089ba26f792cf3bd87f6b
- https://github.com/bonitasoft/bonita-engine/commit/26b24690a80dce11c0a4fa38ea54aeb35ca1e541
- https://github.com/bonitasoft/bonita-engine/commit/2c84ea1a76f7e7f345c334645e46428e9376b0c9
- https://github.com/bonitasoft/bonita-engine/commit/90469adf2b0ebf33f4c65b583f5c96284c8c1086
- https://documentation.bonitasoft.com/bonita/latest/release-notes#_fixes_in_bonita_runtime_including_bonita_applications_2
- https://github.com/bonitasoft/bonita-engine
Affected packages
Maven / org.bonitasoft.console:bonita-web-server
Package
- Name
- org.bonitasoft.console:bonita-web-server
- View open source insights on deps.dev
- Purl
- pkg:maven/org.bonitasoft.console/bonita-web-server
Maven / org.bonitasoft.platform:platform-resources
Package
- Name
- org.bonitasoft.platform:platform-resources
- View open source insights on deps.dev
- Purl
- pkg:maven/org.bonitasoft.platform/platform-resources
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed10.1.0.W11
Affected versions
7.*
7.3.0
7.3.1
7.3.2
7.3.3
7.4.0
7.4.1
7.4.2
7.4.3
7.5.0.beta-02
7.5.0
7.5.1
7.5.2
7.5.4
7.6.0
7.6.1
7.6.2
7.6.3
7.7.0
7.7.1
7.7.2
7.7.3
7.7.4
7.7.5
7.8.0
7.8.1
7.8.2
7.8.3
7.8.4
7.9.0
7.9.1
7.9.2
7.9.3
7.9.4
7.9.5
7.10.0
7.10.1
7.10.3
7.10.4
7.10.5
7.10.6
7.11.0
7.11.1
7.11.2
7.11.3
7.11.4
7.12.1
7.13.0
7.14.0
7.15.0
8.*
8.0.0
9.*
9.0.0
10.*
10.0.0
10.1.0