GHSA-v89q-c273-3p42
Suggest an improvement- Source
- https://github.com/advisories/GHSA-v89q-c273-3p42
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/01/GHSA-v89q-c273-3p42/GHSA-v89q-c273-3p42.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-v89q-c273-3p42
- Aliases
- Published
- 2024-01-30T09:30:34Z
- Modified
- 2024-02-16T08:13:41.759185Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- Craft CMS Audit Plugin Cross Site Scripting vulnerability
- Details
-
Cross Site Scripting (XSS) vulnerability in Craft CMS Audit Plugin before version 3.0.2 allows attackers to execute arbitrary code during user creation.
- Database specific
{ "severity": "MODERATE", "nvd_published_at": "2024-01-30T09:15:47Z", "github_reviewed_at": "2024-01-30T18:42:40Z", "github_reviewed": true, "cwe_ids": [ "CWE-79" ] }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2023-36259
- https://github.com/sjelfull/craft-audit/pull/73
- https://github.com/sjelfull/craft-audit/commit/c2888aa48457f24696ac0a2ba4f54f39e5c672ed
- https://github.com/sjelfull/craft-audit
- https://www.linkedin.com/pulse/threat-briefing-craftcms-amrcybersecurity-emi0e/?trackingId=E75GttWvQp6gfvPiJDDUBA%3D%3D
Affected packages
Packagist / superbig/craft-audit
Package
- Name
- superbig/craft-audit
- Purl
- pkg:composer/superbig/craft-audit