Lucene search

GoogleOSV:GHSA-M22Q-97P5-79V2

HistoryFeb 21, 2023 - 12:30 a.m.

Mind-elixir Cross-site Scripting vulnerability

2023-02-2100:30:20

Google

osv.dev

mind-elixir

free

open source

mind map

cross-site scripting

vulnerability

version 0.18.1

patched

software

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

30.7%

JSON

Mind-elixir is a free, open source mind map core. Prior to version 0.18.1, mind-elixir is prone to cross-site scripting when handling untrusted menus. This issue is patched in version 0.18.1.

CPENameOperatorVersion
mind-elixirlt0.18.1

CPE	Name	Operator	Version
	mind-elixir	lt	0.18.1

References

github.com/ssshooter/mind-elixir-core

github.com/ssshooter/mind-elixir-core/blob/79942a68b14c8875ab7d270b1ad25bfff351b04c/src/plugin/contextMenu.js#L13

github.com/ssshooter/mind-elixir-core/commit/073485269ac83af24371f35bd08507defa885655

nvd.nist.gov/vuln/detail/CVE-2021-32851

securitylab.github.com/advisories/GHSL-2021-1047_Mind-elixir

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

30.7%

JSON

Related for OSV:GHSA-M22Q-97P5-79V2