Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1oZm04LTJxMjItaDdods0XKw

Cross-site Scripting in pegasus/google-for-jobs

An XSS issue was discovered in the google_for_jobs (aka Google for Jobs) extension before 1.5.1 and 2.x before 2.1.1 for TYPO3. The extension fails to properly encode user input for output in HTML context. A TYPO3 backend user account is required to exploit the vulnerability.

Permalink: https://github.com/advisories/GHSA-hfm8-2q22-h7hv
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1oZm04LTJxMjItaDdods0XKw
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 3 years ago
Updated: almost 2 years ago

CVSS Score: 5.4
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Identifiers: GHSA-hfm8-2q22-h7hv, CVE-2021-43561
References:

Blast Radius: 1.0

Affected Packages

packagist:pegasus/google-for-jobs

Dependent packages: 0
Dependent repositories: 0
Downloads: 1,279 total
Affected Version Ranges: >= 2.0.0, < 2.1.1, < 1.5.1
Fixed in: 2.1.1, 1.5.1
All affected versions: 1.1.0, 1.1.1, 1.2.0, 1.3.0, 1.4.0, 1.5.0, 2.0.0, 2.0.1, 2.1.0
All unaffected versions: 1.5.1, 2.1.1, 2.2.0