Veracode Vulnerability DatabaseVERACODE:44970Cross Site Scripting (XSS)
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.3 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
21.4%
govuk_tech_docs is vulnerable to Cross Site Scripting (XSS). The vulnerability is caused due to lack of proper input validation in the search results of pages. This allows an attacker to inject arbitrary HTML or scripts into the search results, resulting in Cross Site Scripting (XSS).
| CPE | Name | Operator | Version |
|---|---|---|---|
| govuk_tech_docs | le | 3.3.0 | |
| govuk_tech_docs | le | 3.3.0 |
References
github.com/advisories/GHSA-x2xw-hw8g-6773
github.com/alphagov/tech-docs-gem/commit/a51c7058cec46bf2a4e25a1da62b14ac3fd46b53
github.com/alphagov/tech-docs-gem/pull/323
github.com/alphagov/tech-docs-gem/releases/tag/v3.3.1
github.com/alphagov/tech-docs-gem/security/advisories/GHSA-x2xw-hw8g-6773
vulncheck.com/advisories/vc-advisory-GHSA-x2xw-hw8g-6773
Related
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.3 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
21.4%