Lucene search
GoogleOSV:GHSA-PP7V-WXX9-HM6RHistoryMay 30, 2024 - 1:21 p.m.
Thelia BackOffice default template vulnerable to Cross-site Scripting
2024-05-3013:21:20
Google
osv.dev
7
thelia
backoffice
cross-site scripting
vulnerability
default template
software
patch
version 2.1.0
version 2.1.1
version 2.0.x
version 2.1.2
AI Score
6.5
Confidence
High
The BackOffice of Thelia (error.html template) has a cross-site scripting vulnerability in version 2.1.0 and 2.1.1 but not version 2.0.X. Version 2.1.2 contains a patch for the issue.
References
github.com/FriendsOfPHP/security-advisories/blob/master/thelia/backoffice-default-template/2015-02-24-1.yaml
github.com/thelia-templates/back
github.com/thelia-templates/back/commit/592612899057addc2613ccddf172024588277d2d
thelia.net/version-2-1-2-with-security-fix
web.archive.org/web/20160406004324/thelia.net/version-2-1-2-with-security-fix
AI Score
6.5
Confidence
High