Ecosyste.ms: Advisories

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdwODIteHI3Ny04OGY0

radiant vulnerable to Cross-site Scripting

There are multiple Persistent XSS vulnerabilities in Radiant CMS 1.1.4. They affect Personal Preferences (Name and Username) and Configuration (Site Title, Dev Site Domain, Page Parts, and Page Fields).

Permalink: https://github.com/advisories/GHSA-gp82-xr77-88f4
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdwODIteHI3Ny04OGY0
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 6 years ago
Updated: almost 2 years ago

CVSS Score: 5.4
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Identifiers: GHSA-gp82-xr77-88f4, CVE-2018-7261
References:

• https://nvd.nist.gov/vuln/detail/CVE-2018-7261
• https://web.archive.org/web/20200227130121/http://www.securityfocus.com/bid/103080
• https://web.archive.org/web/20201209055741/http://www.securityfocus.com/archive/1/541798/100/0/threaded
• https://github.com/advisories/GHSA-gp82-xr77-88f4

Blast Radius: 9.2

Affected Packages