CVE-2024-8572

Опубликовано: 08 сент. 2024

Источник: nvd

CVSS3: 3.5

CVSS3: 6.1

CVSS2: 4

EPSS Низкий

Описание

A vulnerability was found in Gouniverse GoLang CMS 1.4.0. It has been declared as problematic. This vulnerability affects the function PageRenderHtmlByAlias of the file FrontendHandler.go. The manipulation of the argument alias leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.4.1 is able to address this issue. The patch is identified as 3e661cdfb4beeb9fe2ad507cdb8104c0b17d072c. It is recommended to upgrade the affected component.

Ссылки

https://github.com/gouniverse/cms/commit/3e661cdfb4beeb9fe2ad507cdb8104c0b17d072c
Patch
https://github.com/gouniverse/cms/issues/5
Issue Tracking
https://github.com/gouniverse/cms/issues/5#issuecomment-2330848731
Issue Tracking
https://github.com/gouniverse/cms/releases/tag/v1.4.1
Release Notes
https://vuldb.com/?ctiid.276802
Permissions Required
https://vuldb.com/?id.276802
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.401896
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:gouniverse:golang_cms:*:*:*:*:*:*:*:*

Версия до 1.4.1 (исключая)

EPSS

Процентиль: 49%

0.00261

Низкий

3.5 Low

CVSS3

6.1 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-pv7h-hg6m-82j8

CVSS3: 3.5

github

больше 1 года назад

Gouniverse GoLang CMS vulnerable to Cross-site Scripting

EPSS

Процентиль: 49%

0.00261

Низкий

3.5 Low

CVSS3

6.1 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-79