GHSA-vq4j-qcx7-ppc6

Suggest an improvement
Source
https://github.com/advisories/GHSA-vq4j-qcx7-ppc6
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-vq4j-qcx7-ppc6/GHSA-vq4j-qcx7-ppc6.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-vq4j-qcx7-ppc6
Published
2024-05-30T13:17:46Z
Modified
2024-05-30T13:32:32.359090Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
Thelia Cross-site Scripting vulnerability in BackOffice
Details

The BackOffice of Thelia (error.html template) has a cross-site scripting vulnerability in version 2.1.0 and 2.1.1 but not version 2.0.X. Version 2.1.2 contains a patch for the issue.

References

Affected packages

Packagist / thelia/thelia

Package

Name
thelia/thelia
Purl
pkg:composer/thelia/thelia

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.1.0
Fixed
2.1.2

Affected versions

2.*

2.1.0
2.1.1