Description
Thelia BackOffice default template vulnerable to Cross-site Scripting
The BackOffice of Thelia (error.html template) has a cross-site scripting vulnerability in versions 2.1.0 and 2.1.1, but not in version 2.0.X. Version 2.1.2 contains a patch for the issue.
References
- https://github.com/thelia-templates/back/commit/592612899057addc2613ccddf172024588277d2d
- https://github.com/FriendsOfPHP/security-advisories/blob/master/thelia/backoffice-default-template/2015-02-24-1.yaml
- https://thelia.net/version-2-1-2-with-security-fix
- https://web.archive.org/web/20160406004324/http://thelia.net/version-2-1-2-with-security-fix
Packages
Name: thelia/backoffice-default-template (composer)
Affected versions: >= 2.1.0, < 2.1.2
Fixed version: 2.1.2
CVSS3: 6.1 Medium
Weaknesses
CWE-79