Thelia Cross-site Scripting vulnerability in BackOffice · GHSA-vq4j-qcx7-ppc6 · GitHub Advisory Database · GitHub

Thelia Cross-site Scripting vulnerability in BackOffice

Moderate severity GitHub Reviewed Published May 30, 2024 to the GitHub Advisory Database • Updated May 30, 2024

Package

thelia/thelia (Composer)

Affected versions

>= 2.1.0, < 2.1.2

Patched versions

2.1.2

Description

The BackOffice of Thelia (error.html template) has a cross-site scripting vulnerability in version 2.1.0 and 2.1.1 but not version 2.0.X. Version 2.1.2 contains a patch for the issue.

References

Published to the GitHub Advisory Database May 30, 2024

Reviewed May 30, 2024

Last updated May 30, 2024

Severity

Moderate

/ 10

CVSS v3 base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

None

User interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N