GHSA-fj2w-qmjp-3rjm

Source
https://github.com/advisories/GHSA-fj2w-qmjp-3rjm
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/07/GHSA-fj2w-qmjp-3rjm/GHSA-fj2w-qmjp-3rjm.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-fj2w-qmjp-3rjm
Aliases
Published
2022-07-16T00:00:28Z
Modified
2024-02-16T08:20:48.053959Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Gollum Cross-site Scripting vulnerability via filename parameter to New Page dialog
Details

Cross-site scripting (XSS) in gollum 5.0 to 5.1.2 via the filename parameter to the 'New Page' dialog.

Database specific
{
    "nvd_published_at": "2022-07-15T14:15:00Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-20T01:25:22Z"
}
References

Affected packages

RubyGems / gollum

Package

Name
gollum
Purl
pkg:gem/gollum

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.0
Fixed
5.1.2

Affected versions

5.*

5.0.0
5.0.1
5.1
5.1.1