GHSA-qcgc-6q86-7x2p
Suggest an improvement- Source
- https://github.com/advisories/GHSA-qcgc-6q86-7x2p
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/08/GHSA-qcgc-6q86-7x2p/GHSA-qcgc-6q86-7x2p.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-qcgc-6q86-7x2p
- Aliases
- Published
- 2022-08-11T15:57:01Z
- Modified
- 2023-11-08T04:09:51.877731Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- AEM WCM Core Components CVG Image vulnerable to Reflected Cross-site Scripting
- Details
-
Core Components version 2.20.6 (and earlier) suffer from a reflected cross-site scripting (XSS) vulnerability in
AdaptiveImageServletvia SVG images. An attacker with author access can upload a special crafted SVG image (including a malicious Javascript) and obtain a link that, when loaded by another authenticated users, will execute the malicious script and gain access to other user's session. The issue has been resolved in 2.20.8. There are currently no known workarounds. - Database specific
{ "nvd_published_at": "2022-08-10T20:15:00Z", "github_reviewed_at": "2022-08-11T15:57:01Z", "severity": "MODERATE", "github_reviewed": true, "cwe_ids": [ "CWE-79" ] }- References
Affected packages
Maven / com.adobe.cq:core.wcm.components.core
Package
- Name
- com.adobe.cq:core.wcm.components.core
- View open source insights on deps.dev
- Purl
- pkg:maven/com.adobe.cq/core.wcm.components.core
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.20.8
Affected versions
1.*
1.0.0
1.0.2
1.0.4
1.0.6
1.1.0
2.*
2.0.0
2.0.2
2.0.4
2.0.6
2.0.8
2.1.0
2.2.0
2.2.2
2.3.0
2.3.2
2.4.0
2.5.0
2.6.0
2.7.0
2.8.0
2.8.1-SNAPSHOT-20200410121300
2.9.0
2.9.2
2.10.0
2.11.0
2.11.1
2.12.0
2.12.1
2.12.2
2.13.0
2.13.2
2.13.4
2.14.0
2.15.0
2.15.2
2.16.0
2.16.2
2.16.4
2.17.0
2.17.2
2.17.4
2.17.6
2.17.8
2.17.10
2.17.12
2.17.14
2.18.0
2.18.2
2.18.4
2.18.6
2.18.8
2.19.0
2.19.2
2.20.0
2.20.2
2.20.4
2.20.6