GHSA-hfm8-2q22-h7hv

Source
https://github.com/advisories/GHSA-hfm8-2q22-h7hv
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/11/GHSA-hfm8-2q22-h7hv/GHSA-hfm8-2q22-h7hv.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-hfm8-2q22-h7hv
Aliases
Published
2021-11-15T17:39:18Z
Modified
2023-11-08T04:07:10.400650Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Cross-site Scripting in pegasus/google-for-jobs
Details

An XSS issue was discovered in the googleforjobs (aka Google for Jobs) extension before 1.5.1 and 2.x before 2.1.1 for TYPO3. The extension fails to properly encode user input for output in HTML context. A TYPO3 backend user account is required to exploit the vulnerability.

Database specific
{
    "nvd_published_at": "2021-11-10T15:15:00Z",
    "github_reviewed_at": "2021-11-12T19:44:37Z",
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-79"
    ]
}
References

Affected packages

Packagist / pegasus/google-for-jobs

Package

Name
pegasus/google-for-jobs
Purl
pkg:composer/pegasus/google-for-jobs

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.5.1

Affected versions

1.*

1.1.0
1.1.1
1.2.0
1.3.0
1.4.0
1.5.0

Packagist / pegasus/google-for-jobs

Package

Name
pegasus/google-for-jobs
Purl
pkg:composer/pegasus/google-for-jobs

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.0.0
Fixed
2.1.1

Affected versions

2.*

2.0.0
2.0.1
2.1.0