Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS03ZjYzLWg2ZzMtN2N3bc0vhw
Cross Site Scripting (XSS) in @finastra/ssr-pages
A cross site scripting (XSS) issue can occur when providing untrusted input to the redirect.link property as an argument to the build(MessagePageOptions) function.
References
- https://github.com/Finastra/ssr-pages/pull/2
- https://github.com/Finastra/ssr-pages/pull/2/commits/133606ffaec2edd9918d9fba5771ed21da7876a5
- https://github.com/Finastra/ssr-pages/commit/98abc59e28fec48246be0d59ac144675d6361073
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03ZjYzLWg2ZzMtN2N3bc0vhw
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 3 years ago
Updated: almost 2 years ago
CVSS Score: 6.1
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Percentage: 0.00099
EPSS Percentile: 0.42049
Identifiers: GHSA-7f63-h6g3-7cwm, CVE-2022-24717
References:
- https://github.com/Finastra/ssr-pages/security/advisories/GHSA-7f63-h6g3-7cwm
- https://nvd.nist.gov/vuln/detail/CVE-2022-24717
- https://github.com/Finastra/ssr-pages/pull/2
- https://github.com/Finastra/ssr-pages/pull/2/commits/133606ffaec2edd9918d9fba5771ed21da7876a5
- https://github.com/Finastra/ssr-pages/commit/98abc59e28fec48246be0d59ac144675d6361073
- https://github.com/advisories/GHSA-7f63-h6g3-7cwm
Blast Radius: 4.7
Affected Packages
npm:@finastra/ssr-pages
Dependent packages: 5Dependent repositories: 6
Downloads: 75 last month
Affected Version Ranges: < 0.1.5
Fixed in: 0.1.5
All affected versions: 0.1.0, 0.1.1, 0.1.2, 0.1.3, 0.1.4
All unaffected versions: 0.1.5, 0.1.6