Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI5NnAtdjNjci1nZnY4
Cross-site Scripting (XSS) in @scullyio/scully
This affects the package @scullyio/scully before 1.0.9. The transfer state is serialised with the JSON.stringify() function and then written into the HTML page.
Permalink: https://github.com/advisories/GHSA-r96p-v3cr-gfv8JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI5NnAtdjNjci1nZnY4
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 3 years ago
Updated: almost 2 years ago
CVSS Score: 7.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Identifiers: GHSA-r96p-v3cr-gfv8, CVE-2020-28470
References:
- https://nvd.nist.gov/vuln/detail/CVE-2020-28470
- https://github.com/scullyio/scully/pull/1182
- https://snyk.io/vuln/SNYK-JS-SCULLYIOSCULLY-1055829
- https://github.com/advisories/GHSA-r96p-v3cr-gfv8
Blast Radius: 20.0
Affected Packages
npm:@scullyio/scully
Dependent packages: 14Dependent repositories: 548
Downloads: 13,002 last month
Affected Version Ranges: < 1.0.9
Fixed in: 1.0.9
All affected versions: 0.0.1, 0.0.2, 0.0.25, 0.0.26, 0.0.27, 0.0.28, 0.0.29, 0.0.30, 0.0.31, 0.0.32, 0.0.33, 0.0.34, 0.0.35, 0.0.36, 0.0.37, 0.0.38, 0.0.39, 0.0.40, 0.0.41, 0.0.42, 0.0.43, 0.0.44, 0.0.45, 0.0.46, 0.0.47, 0.0.49, 0.0.51, 0.0.52, 0.0.53, 0.0.54, 0.0.55, 0.0.56, 0.0.57, 0.0.58, 0.0.59, 0.0.60, 0.0.61, 0.0.62, 0.0.63, 0.0.64, 0.0.65, 0.0.66, 0.0.67, 0.0.68, 0.0.69, 0.0.70, 0.0.71, 0.0.72, 0.0.73, 0.0.75, 0.0.78, 0.0.79, 0.0.80, 0.0.81, 0.0.82, 0.0.83, 0.0.84, 0.0.85, 0.0.86, 0.0.87, 0.0.88, 0.0.89, 0.0.90, 0.0.91, 0.0.92, 0.0.93, 0.0.94, 0.0.95, 0.0.96, 0.0.97, 0.0.98, 0.0.99, 0.0.101, 0.0.102, 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 1.0.8
All unaffected versions: 1.0.9, 1.0.10, 1.0.11, 1.1.0, 1.1.1, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.8, 2.1.9, 2.1.10, 2.1.11, 2.1.12, 2.1.13, 2.1.14, 2.1.16, 2.1.18, 2.1.19, 2.1.20, 2.1.21, 2.1.24, 2.1.25, 2.1.26, 2.1.28, 2.1.29, 2.1.32, 2.1.36, 2.1.41