Lucene search

GitHub Advisory DatabaseGHSA-FJ2W-QMJP-3RJM

HistoryJul 16, 2022 - 12:00 a.m.

Gollum Cross-site Scripting vulnerability via filename parameter to New Page dialog

2022-07-1600:00:28

CWE-79

GitHub Advisory Database

github.com

gollum

cross-site scripting

new page dialog

vulnerability

software

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

45.0%

JSON

Cross site scripting (XSS) in gollum 5.0 to 5.1.2 via the filename parameter to the ‘New Page’ dialog.

Affected configurations

Vulners

Node

gollum_projectgollumRange5.0–5.1.2

VendorProductVersionCPE
gollum_projectgollum*cpe:2.3:a:gollum_project:gollum:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
gollum_project	gollum	*	cpe:2.3:a:gollum_project:gollum::::::::

References

gollum.com

github.com/advisories/GHSA-fj2w-qmjp-3rjm

github.com/gollum/

github.com/gollum/gollum/commit/137728cdabc0f60859fcd30404ad2b8fff6ef715

github.com/gollum/gollum/releases/tag/v5.1.2

github.com/rubysec/ruby-advisory-db/blob/master/gems/gollum/CVE-2020-35305.yml

github.com/Szarny/

nvd.nist.gov/vuln/detail/CVE-2020-35305

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

45.0%

JSON

Related for GHSA-FJ2W-QMJP-3RJM