GHSA-xgpf-p52j-pf7m

Suggest an improvement
Source
https://github.com/advisories/GHSA-xgpf-p52j-pf7m
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/03/GHSA-xgpf-p52j-pf7m/GHSA-xgpf-p52j-pf7m.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-xgpf-p52j-pf7m
Aliases
Published
2021-03-24T17:42:02Z
Modified
2024-12-02T05:49:22.917580Z
Summary
XSS in CreateQueuedJobTask
Details

A vulnerability has been identified in the Silverstripe CMS 3 and 4 version of the symbiote/silverstripe-queuedjobs module. A Cross Site Scripting vulnerability allows an attacker to inject an arbitrary payload in the CreateQueuedJobTask dev task via a specially crafted URL.

Database specific 
{
    "nvd_published_at": "2021-03-16T16:15:00Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2021-03-24T17:41:15Z"
}
References

Affected packages

Packagist / symbiote/silverstripe-queuedjobs

Package

Name
symbiote/silverstripe-queuedjobs
Purl
pkg:composer/symbiote/silverstripe-queuedjobs

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.0.0
Fixed
3.0.2

Affected versions

3.*

3.0.0
3.0.1

Packagist / symbiote/silverstripe-queuedjobs

Package

Name
symbiote/silverstripe-queuedjobs
Purl
pkg:composer/symbiote/silverstripe-queuedjobs

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.1.0
Fixed
3.1.4

Affected versions

3.*

3.1.0
3.1.1
3.1.2
3.1.3

Packagist / symbiote/silverstripe-queuedjobs

Package

Name
symbiote/silverstripe-queuedjobs
Purl
pkg:composer/symbiote/silverstripe-queuedjobs

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.0.0
Fixed
4.0.7

Affected versions

4.*

4.0.0
4.0.1
4.0.2
4.0.3
4.0.4
4.0.5
4.0.6

Packagist / symbiote/silverstripe-queuedjobs

Package

Name
symbiote/silverstripe-queuedjobs
Purl
pkg:composer/symbiote/silverstripe-queuedjobs

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.1.0
Fixed
4.1.2

Affected versions

4.*

4.1.0
4.1.1

Packagist / symbiote/silverstripe-queuedjobs

Package

Name
symbiote/silverstripe-queuedjobs
Purl
pkg:composer/symbiote/silverstripe-queuedjobs

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.2.0
Fixed
4.2.4

Affected versions

4.*

4.2.0
4.2.1
4.2.2
4.2.3

Packagist / symbiote/silverstripe-queuedjobs

Package

Name
symbiote/silverstripe-queuedjobs
Purl
pkg:composer/symbiote/silverstripe-queuedjobs

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.3.0
Fixed
4.3.3

Affected versions

4.*

4.3.0
4.3.1
4.3.2

Packagist / symbiote/silverstripe-queuedjobs

Package

Name
symbiote/silverstripe-queuedjobs
Purl
pkg:composer/symbiote/silverstripe-queuedjobs

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.4.0
Fixed
4.4.3

Affected versions

4.*

4.4.0
4.4.1
4.4.2

Packagist / symbiote/silverstripe-queuedjobs

Package

Name
symbiote/silverstripe-queuedjobs
Purl
pkg:composer/symbiote/silverstripe-queuedjobs

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.5.0
Fixed
4.5.1

Affected versions

4.*

4.5.0

Packagist / symbiote/silverstripe-queuedjobs

Package

Name
symbiote/silverstripe-queuedjobs
Purl
pkg:composer/symbiote/silverstripe-queuedjobs

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.6.0
Fixed
4.6.4

Affected versions

4.*

4.6.0
4.6.1
4.6.2
4.6.3