Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS01ZmZqLW1waDUtYzVods4AAutQ

Moderate EPSS: 0.00163% (0.38013 Percentile) EPSS:
Permalink JSON

Appwrite Vulnerable to Cross-site Scripting

Affected Packages Affected Versions Fixed Versions
packagist:appwrite/server-ce < 1.0.0-RC1 1.0.0-RC1
0 Dependent packages
0 Dependent repositories
16,383 Downloads total

Affected Version Ranges

All affected versions

0.1.13, 0.1.15, 0.2.0, 0.3.0, 0.4.0, 0.5.0, 0.5.1, 0.5.2, 0.5.3, 0.6.0, 0.6.1, 0.6.2, 0.7.0, 0.7.1, 0.7.2, 0.8.0, 0.9.1, 0.9.2, 0.9.3, 0.9.4, 0.10.0, 0.10.1, 0.10.2, 0.10.3, 0.10.4, 0.11.0, 0.11.1, 0.11.2, 0.12.0, 0.12.1, 0.12.2, 0.12.3, 0.12.4, 0.13.0, 0.13.1, 0.13.2, 0.13.3, 0.13.4, 0.14.0, 0.14.1, 0.14.2, 0.15.0, 0.15.1, 0.15.2, 0.15.3

All unaffected versions

1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.1.0, 1.1.1, 1.1.2, 1.2.0, 1.2.1, 1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.3.4, 1.3.5, 1.3.6, 1.3.7, 1.3.8, 1.4.0, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.4.5, 1.4.6, 1.4.7, 1.4.8, 1.4.9, 1.4.10, 1.4.11, 1.4.11, 1.4.12, 1.4.13, 1.4.14, 1.5.0, 1.5.1, 1.5.2, 1.5.3, 1.5.4, 1.5.5, 1.5.6, 1.5.7, 1.5.8, 1.5.9, 1.5.10, 1.5.11, 1.6.0, 1.6.1, 1.6.2, 1.7.0, 1.7.1, 1.7.2, 1.7.3, 1.7.4

Appwrite is vulnerable to stored cross-site scripting in usernames, function names, storage bucket names, and database collection names.

References:

Identifiers

GHSA-5ffj-mph5-c5hv

CVE-2022-2925

Risk

Severity

Moderate

EPSS

EPSS Percentage: 0.00163

EPSS Percentile: 0.38013

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/appwrite/appwrite

Date and time

Published

almost 3 years ago

Updated

over 1 year ago

API

JSON