6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
47.1%
Algeron is vulnerable to Cross Site Scripting. The vulnerability is due to a lack of url data sanitization in the RegisterHandlers
function of handlers.go
, which can result in cookie stealing or redirection to an attacker controlled site.
github.com/advisories/GHSA-g47h-fgcw-g4ph
github.com/xyproto/algernon/blob/aab484608651852d02a8a93f40baf53ed93e639a/engine/handlers.go%23L512
github.com/xyproto/algernon/blob/aab484608651852d02a8a93f40baf53ed93e639a/engine/handlers.go%23L514
github.com/xyproto/algernon/blob/aab484608651852d02a8a93f40baf53ed93e639a/themes/html.go%23L145
github.com/xyproto/algernon/blob/main/engine/handlers.go#L551