GHSA-jf9v-q8vh-3fmc
Suggest an improvement- Source
- https://github.com/advisories/GHSA-jf9v-q8vh-3fmc
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/09/GHSA-jf9v-q8vh-3fmc/GHSA-jf9v-q8vh-3fmc.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-jf9v-q8vh-3fmc
- Aliases
- Published
- 2021-09-09T17:11:11Z
- Modified
- 2024-02-17T05:33:48.680368Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- Cross-site scripting in ICEcoder
- Details
-
In ICEcoder 8.0 allows, a reflected XSS vulnerability was identified in the multipe-results.php page due to insufficient sanitization of the _GET['replace'] variable. As a result, arbitrary Javascript code can get executed.
- Database specific
{ "nvd_published_at": "2021-06-08T13:15:00Z", "cwe_ids": [ "CWE-79" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2021-06-10T14:32:36Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2021-32106
- https://github.com/icecoder/ICEcoder/commit/21d6ae0f2a3fce7d076ae430d48f5df56bd0f256
- https://github.com/icecoder/ICEcoder
- https://groups.google.com/g/icecoder/c/xcAc8_1UPxQ
- https://prophaze.com/cve/icecoder-8-0-multipe-results-php-replace-cross-site-scripting
Affected packages
Packagist / icecoder/icecoder
Package
- Name
- icecoder/icecoder
- Purl
- pkg:composer/icecoder/icecoder