GHSA-4p8f-mmfj-r45g

Source

https://github.com/advisories/GHSA-4p8f-mmfj-r45g

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/08/GHSA-4p8f-mmfj-r45g/GHSA-4p8f-mmfj-r45g.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-4p8f-mmfj-r45g

Aliases

CVE-2018-20975

Published

2019-08-21T16:15:04Z

Modified

2023-11-01T04:49:23.002914Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

Cross-site scripting in fat_free_crm

Details

Fat Free CRM before 0.18.1 has XSS in the tags_helper in app/helpers/tags_helper.rb.

Database specific

{
    "nvd_published_at": "2019-08-20T13:15:00Z",
    "github_reviewed_at": "2019-08-21T15:48:24Z",
    "severity": "MODERATE",
    "cwe_ids": [
        "CWE-79"
    ],
    "github_reviewed": true
}

References

Affected packages

RubyGems / fat_free_crm

Package

Name: fat_free_crm
Purl: pkg:gem/fat_free_crm

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.18.1

Affected versions

0.*

0.11.0

0.11.1

0.11.2

0.11.3

0.11.4

0.12.0

0.12.1

0.12.2

0.12.3

0.13.0

0.13.1

0.13.2

0.13.3

0.13.4

0.13.5

0.13.6

0.14.0

0.14.1

0.14.2

0.15.0.beta

0.15.0.beta.2

0.15.0

0.15.1

0.15.2

0.16.0

0.16.1

0.16.2

0.16.3

0.16.4

0.17.1

0.17.2

0.17.3

0.18.0