GHSA-vv3r-fxqp-vr3f

Published: 21 Nov 2022
Source: github
Github: Reviewed
CVSS3: 5.4

Description

XSS via uploaded gpx file

A malicious content author could upload a GPX file with a JavaScript payload. The payload could then be executed by luring a legitimate user to view the file in a browser with support for GPX files. GPX is an XML-based format used to store GPS data.

By default, Silverstripe CMS will no longer allow GPX files to be uploaded to the assets area.

Packages

Name: silverstripe/assets (composer)
Affected versions: >= 1.0.0, < 1.11.1
Fixed version: 1.11.1

EPSS

Percentile: 55%
0.00322
Low

CVSS3: 5.4 Medium

Weaknesses

CWE-79

Related vulnerabilities

CVSS3: 5.4
nvd
about 3 years ago

Silverstripe silverstripe/framework through 4.11 allows XSS (issue 3 of 3).

EPSS

Percentile: 55%
0.00322
Low

CVSS3: 5.4 Medium

Weaknesses

CWE-79