Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1jNzdmLTRyZ2otamZyNM0VxQ
Cross-site Scripting in Beego
Cross Site Scripting (XSS) vulnerability exists in the admin panel in Beego v2.0.1 via the URI path in an HTTP request, which is activated by administrators viewing the "Request Statistics" page.
Permalink: https://github.com/advisories/GHSA-c77f-4rgj-jfr4JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1jNzdmLTRyZ2otamZyNM0VxQ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: 5 months ago
CVSS Score: 6.1
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Identifiers: GHSA-c77f-4rgj-jfr4, CVE-2021-39391
References:
- https://nvd.nist.gov/vuln/detail/CVE-2021-39391
- https://github.com/beego/beego/issues/4727
- https://github.com/advisories/GHSA-c77f-4rgj-jfr4
Blast Radius: 15.8
Affected Packages
go:github.com/beego/beego/v2
Dependent packages: 252Dependent repositories: 395
Downloads:
Affected Version Ranges: < 2.0.2
Fixed in: 2.0.2
All affected versions: 2.0.0, 2.0.1
All unaffected versions: 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5