GHSA-g688-7j3c-h9f3

Source

https://github.com/advisories/GHSA-g688-7j3c-h9f3

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/07/GHSA-g688-7j3c-h9f3/GHSA-g688-7j3c-h9f3.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-g688-7j3c-h9f3

Aliases

CVE-2022-31290

Published

2022-07-09T00:00:26Z

Modified

2024-02-21T05:32:15.023759Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

Known v1.3.1 Cross-site Scripting

Details

A cross-site scripting (XSS) vulnerability in Known v1.3.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Your Name text field.

The researcher report indicates that versions 1.3.1 and prior are vulnerable. Version 1.2.2 is the last version tagged on GitHub and in Packagist, and development related to the 1.3.x branch is currently on the dev branch of the idno/known repository.

Database specific

{
    "nvd_published_at": "2022-07-08T12:15:00Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-20T00:02:47Z"
}

References

Affected packages

Packagist / idno/known

Package

Name: idno/known
Purl: pkg:composer/idno/known

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

1.3.1

Affected versions

1.*

1.0.0-rc.1

1.0.0-rc.3

1.0.0

1.2.2