GHSA-9mcw-mwxv-grwj
Suggest an improvement- Source
- https://github.com/advisories/GHSA-9mcw-mwxv-grwj
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9mcw-mwxv-grwj/GHSA-9mcw-mwxv-grwj.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-9mcw-mwxv-grwj
- Aliases
- Published
- 2022-05-17T02:46:10Z
- Modified
- 2024-02-16T08:17:37.980196Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- Craft CMS XSS Vulnerability
- Details
-
Craft CMS before 2.6.2976 allows XSS attacks because an array returned by HttpRequestService::getSegments() and getActionSegments() need not be zero-based. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-8052.
- Database specific
{ "nvd_published_at": "2017-05-01T06:59:00Z", "cwe_ids": [ "CWE-79" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2023-07-27T21:14:22Z" }- References
Affected packages
Packagist / craftcms/cms
Package
- Name
- craftcms/cms
- Purl
- pkg:composer/craftcms/cms
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.6.2976
Affected versions
1.*
1.0.26.1
1.2.0-alpha.2310
1.2.0-alpha.2312
1.2.0-alpha.2316
1.2.0-alpha.2318
1.2.0-alpha.2319
1.2.0-alpha.2322
1.2.0-alpha.2323
1.2.0-alpha.2324
1.2.0-alpha.2328
1.2.0-alpha.2329
1.2.0-alpha.2332
1.2.2333
1.2.2335
1.2.2336
1.2.2337
1.2.2339
1.2.2358
1.2.2363
1.2.2367
1.2.2371
1.2.2375
1.2.2387
1.2.2392
1.2.2396
1.2.2399
1.3.0-alpha.2361
1.3.0-alpha.2366
1.3.0-alpha.2372
1.3.0-alpha.2374
1.3.0-alpha.2377
1.3.0-alpha.2378
1.3.0-alpha.2380
1.3.0-alpha.2388
1.3.0-alpha.2394
1.3.0-alpha.2397
1.3.0-alpha.2401
1.3.0-alpha.2402
1.3.0-alpha.2405
1.3.0-alpha.2464
1.3.2409
1.3.2410
1.3.2415
1.3.2416
1.3.2418
1.3.2419
1.3.2420
1.3.2422
1.3.2456
1.3.2459
1.3.2461
1.3.2462
1.3.2465
1.3.2473
1.3.2485
1.3.2486
1.3.2487
1.3.2494
1.3.2496
1.3.2507
1.4.0-alpha.2469
1.4.0-alpha.2470
1.4.0-alpha.2471
1.4.0-alpha.2476
1.4.0-alpha.2478
1.4.0-alpha.2479
1.4.0-alpha.2482
1.4.0-alpha.2484
1.4.0-alpha.2488
1.4.0-alpha.2489
1.4.0-alpha.2490
1.4.0-alpha.2491
1.4.0-alpha.2492
1.4.0-alpha.2493
1.4.0-alpha.2495
1.4.0-alpha.2497
1.4.0-alpha.2498
1.4.0-alpha.2499
1.4.0-alpha.2500
1.4.0-alpha.2502
1.4.0-alpha.2503
1.4.0-alpha.2505
1.4.0-alpha.2506
1.4.0-alpha.2509
1.4.0-alpha.2512
1.4.0-alpha.2513
1.4.0-alpha.2519
1.4.0-alpha.2521
2.*
2.0.2524
2.0.2525
2.0.2527
2.0.2528
2.0.2532
2.0.2533
2.0.2535
2.0.2536
2.0.2537
2.0.2538
2.0.2539
2.0.2540
2.0.2541
2.0.2542
2.0.2543
2.0.2548
2.0.2549
2.0.2551
2.1.0-alpha.2546
2.1.0-alpha.2547
2.1.0-alpha.2552
2.1.2554
2.1.2555
2.1.2556
2.1.2557
2.1.2559
2.1.2561
2.1.2562
2.1.2563
2.1.2564
2.1.2566
2.1.2568
2.1.2569
2.1.2570
2.2.0-alpha.2572
2.2.0-alpha.2575
2.2.0-alpha.2578
2.2.2579
2.2.2581
2.2.2582
2.2.2586
2.2.2587
2.2.2588
2.2.2589
2.2.2590
2.2.2591
2.2.2592
2.2.2593
2.2.2596
2.2.2598
2.2.2601
2.2.2604
2.2.2607
2.3.0-alpha.2600
2.3.0-alpha.2602
2.3.0-alpha.2603
2.3.0-alpha.2605
2.3.0-alpha.2606
2.3.0-alpha.2608
2.3.0-alpha.2610
2.3.0-alpha.2612
2.3.0-alpha.2645
2.3.2615
2.3.2616
2.3.2617
2.3.2618
2.3.2620
2.3.2621
2.3.2623
2.3.2624
2.3.2625
2.3.2626
2.3.2627
2.3.2629
2.3.2632
2.3.2635
2.3.2636
2.3.2639
2.3.2640
2.3.2641
2.3.2642
2.3.2643
2.3.2644
2.4.2664
2.4.2666
2.4.2667
2.4.2668
2.4.2669
2.4.2670
2.4.2675
2.4.2677
2.4.2679
2.4.2682
2.4.2684
2.4.2688
2.4.2691
2.4.2692
2.4.2693
2.4.2695
2.4.2696
2.4.2697
2.4.2698
2.4.2699
2.4.2700
2.4.2701
2.4.2702
2.4.2723
2.4.2725
2.4.2726
2.5.0-beta.2713
2.5.0-beta.2715
2.5.0-beta.2716
2.5.0-beta.2717
2.5.0-beta.2720
2.5.0-beta.2722
2.5.0-beta.2724
2.5.0-beta.2727
2.5.0-beta.2740
2.5.2750
2.5.2752
2.5.2753
2.5.2754
2.5.2755
2.5.2757
2.5.2759
2.5.2760
2.5.2761
2.5.2762
2.5.2763
2.5.2765
2.5.2767
2.6.2771
2.6.2773
2.6.2774
2.6.2776
2.6.2778
2.6.2779
2.6.2780
2.6.2781
2.6.2783
2.6.2784
2.6.2785
2.6.2788
2.6.2789
2.6.2791
2.6.2793
2.6.2794
2.6.2795
2.6.2796
2.6.2797
2.6.2798
2.6.2804
2.6.2903
2.6.2911
2.6.2916
2.6.2922
2.6.2923
2.6.2929
2.6.2930
2.6.2931
2.6.2940
2.6.2944
2.6.2945
2.6.2949
2.6.2950
2.6.2951
2.6.2952
2.6.2953
2.6.2954
2.6.2955
2.6.2956
2.6.2957
2.6.2958
2.6.2959
2.6.2960
2.6.2961
2.6.2962
2.6.2963
2.6.2964
2.6.2965
2.6.2966
2.6.2967
2.6.2968
2.6.2969
2.6.2970
2.6.2971
2.6.2972
2.6.2973
2.6.2974
2.6.2975