GHSA-v762-47vh-j7q3

Опубликовано: 24 мая 2022

Источник: github

Github: Прошло ревью

CVSS3: 6.1

Описание

Feehi CMS vulnerable to Cross-site Scripting in Username Field

Feehi CMS 2.0.8 is affected by a cross-site scripting (XSS) vulnerability. When the user name is inserted as JavaScript code, browsing the post will trigger the XSS.

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2020-21146
https://github.com/liufee/cms/issues/43
https://github.com/liufee/cms/commit/e92f6877d96e53498101d0664174956e94223d6e

Пакеты

Наименование

feehi/cms

composer

Затронутые версииВерсия исправления

<= 2.0.8

2.0.8.1

EPSS

Процентиль: 53%

0.00305

Низкий

6.1 Medium

CVSS3

CVE ID

CVE-2020-21146

Дефекты

CWE-79

Связанные уязвимости

CVE-2020-21146

CVSS3: 6.1

nvd

около 5 лет назад

Feehi CMS 2.0.8 is affected by a cross-site scripting (XSS) vulnerability. When the user name is inserted as JavaScript code, browsing the post will trigger the XSS.

EPSS

Процентиль: 53%

0.00305

Низкий

6.1 Medium

CVSS3

CVE ID

CVE-2020-21146

Дефекты

CWE-79