GoogleOSV:GHSA-FJ2W-QMJP-3RJMGollum Cross-site Scripting vulnerability via filename parameter to New Page dialog
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
Percentile
45.0%
Cross site scripting (XSS) in gollum 5.0 to 5.1.2 via the filename parameter to the ‘New Page’ dialog.
References
gollum.com
github.com/gollum
github.com/gollum/gollum
github.com/gollum/gollum/commit/137728cdabc0f60859fcd30404ad2b8fff6ef715
github.com/gollum/gollum/releases/tag/v5.1.2
github.com/rubysec/ruby-advisory-db/blob/master/gems/gollum/CVE-2020-35305.yml
github.com/Szarny
nvd.nist.gov/vuln/detail/CVE-2020-35305
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
Percentile
45.0%