The BackOffice of Thelia (error.html
template) has a cross-site scripting vulnerability in version 2.1.0 and 2.1.1 but not version 2.0.X. Version 2.1.2 contains a patch for the issue.
Vendor | Product | Version | CPE |
---|---|---|---|
thelia | backoffice-default-template | * | cpe:2.3:a:thelia:backoffice-default-template:*:*:*:*:*:*:*:* |
github.com/advisories/GHSA-pp7v-wxx9-hm6r
github.com/FriendsOfPHP/security-advisories/blob/master/thelia/backoffice-default-template/2015-02-24-1.yaml
github.com/thelia-templates/back/commit/592612899057addc2613ccddf172024588277d2d
thelia.net/version-2-1-2-with-security-fix
web.archive.org/web/20160406004324/thelia.net/version-2-1-2-with-security-fix