Ibexa Admin UI vulnerable to Cross-site Scripting in a field that is used in the Content name pattern

🗓️ 02 Dec 2024 18:34:45Reported by GitHub Advisory DatabaseType

github

github🔗 github.com👁 13 Views

Ibexa Admin UI XSS vulnerability in Content name patter

Reporter	Title	Published	Views	Family All 12
CNNVD	Ibexa Admin UI 跨站脚本漏洞	29 Nov 202400:00	–	cnnvd
CVE	CVE-2024-53864	29 Nov 202418:45	–	cve
Cvelist	CVE-2024-53864 Cross-site Scripting in a field that is used in the Content name pattern in ibexa/admin-ui	29 Nov 202418:45	–	cvelist
EUVD	EUVD-2024-3451	3 Oct 202520:07	–	euvd
NVD	CVE-2024-53864	29 Nov 202419:15	–	nvd
OSV	CVE-2024-53864 Cross-site Scripting in a field that is used in the Content name pattern in ibexa/admin-ui	29 Nov 202418:45	–	osv
OSV	GHSA-8W3P-GF85-QCCH Ibexa Admin UI vulnerable to Cross-site Scripting in a field that is used in the Content name pattern	2 Dec 202418:34	–	osv
Positive Technologies	PT-2024-35962 · Ibexa · Ibexa Admin Ui Bundle	29 Nov 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-53864	23 May 202507:14	–	redhatcve
Snyk	Cross-site Scripting (XSS)	29 Nov 202419:40	–	snyk

Vulners

Node

ibexa admin-uiRange4.6.0–4.6.14composer

Source	Link
github	www.github.com/ibexa/admin-ui/security/advisories/GHSA-8w3p-gf85-qcch
nvd	www.nvd.nist.gov/vuln/detail/CVE-2024-53864
github	www.github.com/ibexa/admin-ui/commit/8ec824a8cf06c566ed88e4c21cc66f7ed42649fc
developers	www.developers.ibexa.co/security-advisories/ibexa-sa-2024-006-vulnerabilities-in-content-name-pattern-commerce-shop-and-varnish-vhost-templates
doc	www.doc.ibexa.co/en/latest/update_and_migration/from_4.6/update_from_4.6/
github	www.github.com/advisories/GHSA-8w3p-gf85-qcch

02 Dec 2024 18:34Current

6.1Medium risk

Vulners AI Score6.1

CVSS 45.3

EPSS0.00246

SSVC

ibexa admin ui cross-site scripting content name pattern vulnerability patched versions github security advisory release notes