Lucene search
GitHub Advisory DatabaseGHSA-PP7V-WXX9-HM6RHistoryMay 30, 2024 - 1:21 p.m.
Thelia BackOffice default template vulnerable to Cross-site Scripting
2024-05-3013:21:20
CWE-79
GitHub Advisory Database
github.com
5
thelia software
backoffice
cross-site scripting
vulnerability
version 2.1.0
version 2.1.1
patch
AI Score
6.5
Confidence
High
The BackOffice of Thelia (error.html template) has a cross-site scripting vulnerability in version 2.1.0 and 2.1.1 but not version 2.0.X. Version 2.1.2 contains a patch for the issue.
Affected configurations
Node
theliabackoffice-default-templateRange2.1.0–2.1.2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| thelia | backoffice-default-template | * | cpe:2.3:a:thelia:backoffice-default-template:*:*:*:*:*:*:*:* |
References
github.com/advisories/GHSA-pp7v-wxx9-hm6r
github.com/FriendsOfPHP/security-advisories/blob/master/thelia/backoffice-default-template/2015-02-24-1.yaml
github.com/thelia-templates/back/commit/592612899057addc2613ccddf172024588277d2d
thelia.net/version-2-1-2-with-security-fix
web.archive.org/web/20160406004324/thelia.net/version-2-1-2-with-security-fix
AI Score
6.5
Confidence
High