GHSA-c8mg-wp7h-f2pf

Source

https://github.com/advisories/GHSA-c8mg-wp7h-f2pf

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-c8mg-wp7h-f2pf/GHSA-c8mg-wp7h-f2pf.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-c8mg-wp7h-f2pf

Aliases

CVE-2018-14835

Published

2022-05-14T02:57:59Z

Modified

2024-02-16T08:05:26.933574Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

Subrion CMS XSS

Details

Subrion CMS v4.2.1 is vulnerable to Stored XSS because of no escaping added to the tooltip information being displayed in multiple areas.

Database specific

{
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-79"
    ],
    "github_reviewed_at": "2023-07-24T23:49:05Z",
    "nvd_published_at": "2018-08-02T00:29:00Z"
}

References

Affected packages

Packagist / intelliants/subrion

Package

Name: intelliants/subrion
Purl: pkg:composer/intelliants/subrion

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

4.2.1

Affected versions

v4.*

v4.0.0

v4.0.1

v4.0.2

v4.0.3

v4.0.4

v4.0.5

v4.1.0

v4.1.1

v4.1.2

v4.1.3

v4.1.4

v4.1.5

v4.2.0

v4.2.1

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-c8mg-wp7h-f2pf/GHSA-c8mg-wp7h-f2pf.json"