GHSA-q3c8-65q7-9v78

Source

https://github.com/advisories/GHSA-q3c8-65q7-9v78

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/02/GHSA-q3c8-65q7-9v78/GHSA-q3c8-65q7-9v78.json

Aliases

CVE-2021-37502

Published

2023-02-03T18:30:26Z

Modified

2023-11-08T04:06:18.391403Z

Details

Cross Site Scripting (XSS) vulnerability in automad 1.7.5 allows remote attackers to run arbitrary code via the user name field when adding a user.

References

https://nvd.nist.gov/vuln/detail/CVE-2021-37502
https://github.com/marcantondahmen/automad/issues/29

Affected packages

Packagist / automad/automad

Package

Name: automad/automad

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.8.0

Affected versions

1.*

1.0.0-beta1

1.0.0-beta2

1.0.0-beta3

1.0.0-beta4

1.0.0-beta5

1.0.0

1.0.1

1.0.2

1.0.3

1.0.4

1.1.0

1.2.0

1.2.1

1.2.2

1.2.3

1.2.4

1.2.5

1.2.6

1.3.0

1.3.1

1.3.2

1.4.0

1.4.1

1.4.2

1.4.3

1.5.0

1.5.1

1.5.2

1.5.3

1.5.4

1.6.0

1.6.1

1.6.2

1.6.3

1.6.4

1.6.5

1.6.6

1.6.7

1.6.8

1.6.9

1.6.10

1.6.11

1.6.12

1.7.0

1.7.1

1.7.2

1.7.3

1.7.4

1.7.5