GHSA-q9g7-pff4-548r

Source

https://github.com/advisories/GHSA-q9g7-pff4-548r

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-q9g7-pff4-548r/GHSA-q9g7-pff4-548r.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-q9g7-pff4-548r

Aliases

CVE-2018-1999021

Published

2022-05-14T02:59:06Z

Modified

2024-04-25T22:56:48.340934Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

Gleez Cms Cross-site Scripting in Profile Page

Details

Gleezcms Gleez Cms version 1.3.0 contains a Cross Site Scripting (XSS) vulnerability in Profile page that can result in injection of arbitrary web script or HTML via the profile page editor. The victim must navigate to the attacker's profile page to exploit this vulnerability.

Database specific

{
    "nvd_published_at": "2018-07-23T15:29:00Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-25T22:42:11Z"
}

References

Affected packages

Packagist / gleez/cms

Package

Name: gleez/cms
Purl: pkg:composer/gleez/cms

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

1.3.0