Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1wN3JtLWdoOWctNWZyOM4AAkx_
Image Resizer Cross-site Scripting (XSS) in the Bulk Resize action
An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There is stored XSS in the Bulk Resize action.
Permalink: https://github.com/advisories/GHSA-p7rm-gh9g-5fr8JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wN3JtLWdoOWctNWZyOM4AAkx_
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: 11 days ago
CVSS Score: 5.4
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Identifiers: GHSA-p7rm-gh9g-5fr8, CVE-2020-13459
References:
- https://nvd.nist.gov/vuln/detail/CVE-2020-13459
- https://github.com/verbb/image-resizer/blob/craft-3/CHANGELOG.md
- https://github.com/advisories/GHSA-p7rm-gh9g-5fr8
Blast Radius: 6.6
Affected Packages
packagist:verbb/image-resizer
Dependent packages: 5Dependent repositories: 17
Downloads: 214,279 total
Affected Version Ranges: < 2.0.9
Fixed in: 2.0.9
All affected versions: 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8
All unaffected versions: 2.0.9, 2.0.10, 2.1.0, 2.1.1, 2.2.0, 2.2.1, 2.2.2, 2.2.3, 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11