GHSA-qv7g-j98v-8pp7

Source
https://github.com/advisories/GHSA-qv7g-j98v-8pp7
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/01/GHSA-qv7g-j98v-8pp7/GHSA-qv7g-j98v-8pp7.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-qv7g-j98v-8pp7
Aliases
Published
2022-01-06T18:34:35Z
Modified
2023-11-08T04:06:56.994559Z
Severity
  • 6.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N
Summary
XSS vulnerability on email template preview page
Details

Summary

The email template preview page is vulnerable to an XSS payload added to email template content. The attacker must have permission to create or edit an email template. For the payload to execute, the attacked user must preview the vulnerable email template.

Workarounds

There are no workarounds that address this vulnerability.

Database specific
{
    "nvd_published_at": "2022-01-04T19:15:00Z",
    "github_reviewed_at": "2022-01-04T17:51:41Z",
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-79"
    ]
}
References

Affected packages

Packagist / oro/platform

Package

Name
oro/platform
Purl
pkg:composer/oro/platform

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.1.0
Fixed
3.1.21

Affected versions

3.*

3.1.0
3.1.1
3.1.2
3.1.3
3.1.4
3.1.5
3.1.6
3.1.7
3.1.8
3.1.9
3.1.10
3.1.11
3.1.12
3.1.13
3.1.14
3.1.15
3.1.16
3.1.17
3.1.18
3.1.19
3.1.20

Packagist / oro/platform

Package

Name
oro/platform
Purl
pkg:composer/oro/platform

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.1.0
Fixed
4.1.14

Affected versions

4.*

4.1.0
4.1.1-rc
4.1.1-rc2
4.1.1
4.1.2
4.1.3
4.1.4
4.1.5
4.1.6
4.1.7
4.1.8
4.1.9
4.1.10
4.1.11
4.1.12
4.1.13

Packagist / oro/platform

Package

Name
oro/platform
Purl
pkg:composer/oro/platform

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.2.0
Fixed
4.2.8

Affected versions

4.*

4.2.0
4.2.1
4.2.2
4.2.3
4.2.4
4.2.5
4.2.6
4.2.7