GHSA-qv4x-v2v4-f8p9

Опубликовано: 22 фев. 2024

Источник: github

Github: Прошло ревью

CVSS3: 7.1

Описание

Withdrawn Advisory: Kirby CMS HTML injection vulnerability

Withdrawn Advisory

This advisory has been withdrawn because the vendor reports that some HTML formatting (such as with an H1 element) is allowed, but there is backend sanitization such that the reporter's mentioned "injecting malicious scripts" would not occur.

Original Advisory

An HTML injection vulnerability in the Edit Content Layout module of Kirby CMS v4.1.0 allows attackers to execute arbitrary code via a crafted payload.

Ссылки

Пакеты

Наименование

getkirby/cms

composer

Затронутые версииВерсия исправления

<= 4.1.0

Отсутствует

EPSS

Процентиль: 10%

0.00035

Низкий

7.1 High

CVSS3

CVE ID

CVE-2024-26482

Дефекты

CWE-80

Связанные уязвимости

CVE-2024-26482

CVSS3: 7.1

nvd

почти 2 года назад

An HTML injection vulnerability exists in the Edit Content Layout module of Kirby CMS v4.1.0. NOTE: the vendor disputes the significance of this report because some HTML formatting (such as with an H1 element) is allowed, but there is backend sanitization such that the reporter's mentioned "injecting malicious scripts" would not occur.

SUSE-SU-2024:2571-1

suse-cvrf

больше 1 года назад

Security update for the Linux Kernel

EPSS

Процентиль: 10%

0.00035

Низкий

7.1 High

CVSS3

CVE ID

CVE-2024-26482

Дефекты

CWE-80