Lucene search

GitHub Advisory DatabaseGHSA-M22Q-97P5-79V2

HistoryFeb 21, 2023 - 12:30 a.m.

Mind-elixir Cross-site Scripting vulnerability

2023-02-2100:30:20

CWE-79

GitHub Advisory Database

github.com

mind-elixir

open source

mind map

cross-site scripting

vulnerability

untrusted menus

patched

version 0.18.1

software

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

30.7%

JSON

Mind-elixir is a free, open source mind map core. Prior to version 0.18.1, mind-elixir is prone to cross-site scripting when handling untrusted menus. This issue is patched in version 0.18.1.

Affected configurations

Vulners

Node

mindimind_serverRange<0.18.1

CPENameOperatorVersion
mind-elixirlt0.18.1

CPE	Name	Operator	Version
	mind-elixir	lt	0.18.1

References

github.com/advisories/GHSA-m22q-97p5-79v2

github.com/ssshooter/mind-elixir-core/blob/79942a68b14c8875ab7d270b1ad25bfff351b04c/src/plugin/contextMenu.js#L13

github.com/ssshooter/mind-elixir-core/commit/073485269ac83af24371f35bd08507defa885655

nvd.nist.gov/vuln/detail/CVE-2021-32851

securitylab.github.com/advisories/GHSL-2021-1047_Mind-elixir/

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

30.7%

JSON

Related for GHSA-M22Q-97P5-79V2