GHSA-vpmw-77vm-4mjg
Suggest an improvement- Source
- https://github.com/advisories/GHSA-vpmw-77vm-4mjg
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-vpmw-77vm-4mjg/GHSA-vpmw-77vm-4mjg.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-vpmw-77vm-4mjg
- Aliases
- Published
- 2022-03-02T00:00:21Z
- Modified
- 2023-11-08T04:08:53.857963Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- Cross-site Scripting in Cipi
- Details
-
Cipi 3.1.15 allows Add Server stored cross-site scripting via the /api/servers name field.
- Database specific
{ "nvd_published_at": "2022-03-01T01:15:00Z", "cwe_ids": [ "CWE-79" ], "github_reviewed_at": "2022-03-09T20:07:17Z", "severity": "MODERATE", "github_reviewed": true }- References
Affected packages
Packagist / andreapollastri/cipi
Package
- Name
- andreapollastri/cipi
- Purl
- pkg:composer/andreapollastri/cipi
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedLast affected3.1.15
Affected versions
1.*
1.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.0.8
1.1
1.1.1
1.1.2
1.1.3
1.1.4
1.1.5
1.1.6
1.1.8
1.1.9
1.2
1.2.1
1.2.2
1.2.3
1.2.4
1.2.5
1.2.6
1.2.7
1.2.8
1.2.9
1.3.0
1.3.1
1.3.2
1.3.3
1.3.4
1.3.5
1.3.6
1.3.7
1.3.8
1.3.9
1.4.0
1.4.1
1.4.2
2.*
2.0.0beta
2.0.1beta
2.0.2beta
2.0.3beta
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.1
2.1.1
2.1.2
2.1.3
2.1.4
2.1.5
2.1.6
2.1.7
2.1.8
2.1.9
2.2
2.2.1
2.2.2
2.2.3
2.2.4
2.2.5
2.2.6
2.2.7
2.2.8
2.2.9
2.3.0
2.3.1
2.3.2
2.3.3
2.4.0
2.4.1
2.4.2
2.4.3
2.4.4
2.4.5
2.4.6
2.4.7
2.4.8
2.4.9
Other
3beta
3.*
3.0
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.0.6
3.0.7
3.0.8
3.0.9
3.0.10
3.1.0
3.1.1
3.1.2
3.1.3
3.1.4
3.1.5
3.1.6
3.1.7
3.1.8
3.1.9
3.1.10
3.1.11
3.1.12
3.1.13
3.1.14
3.1.15