Cross site scripting in automad/automad · CVE-2021-37502 · GitHub Advisory Database · GitHub

Cross site scripting in automad/automad

Moderate severity GitHub Reviewed Published Feb 3, 2023 to the GitHub Advisory Database • Updated Aug 19, 2024

Package

automad/automad (Composer)

Affected versions

< 1.8.0

Patched versions

1.8.0

Description

Cross Site Scripting (XSS) vulnerability in automad 1.7.5 allows remote attackers to run arbitrary code via the user name field when adding a user.

References

Published by the National Vulnerability Database

Feb 3, 2023

Published to the GitHub Advisory Database Feb 3, 2023

Reviewed Feb 4, 2023

Last updated Aug 19, 2024

Severity

Moderate

/ 10

CVSS v3 base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

High

User interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N