Описание
Passbolt API is vulnerable to XSS in the url field on the password workspace grid and sidebar
Passbolt API version 1.6.4 and older are vulnerable to a XSS in the url field on the password workspace
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2017-1000442
- https://github.com/passbolt/passbolt_api/commit/f5eb93485a90195439e12aa8072f45ceb37b19c3
- https://github.com/FriendsOfPHP/security-advisories/blob/master/passbolt/passbolt_api/CVE-2017-1000442.yaml
- https://www.passbolt.com/incidents/20170914_xss_on_resource_urls
- https://www.passbolt.com/release/notes#September
Пакеты
Наименование
passbolt/passbolt_api
composer
Затронутые версииВерсия исправления
< 1.6.5
1.6.5
Связанные уязвимости
CVSS3: 5.4
nvd
около 8 лет назад
Passbolt API version 1.6.4 and older are vulnerable to a XSS in the url field on the password workspace