GHSA-fh5c-7gmg-xmp6
Suggest an improvement- Source
- https://github.com/advisories/GHSA-fh5c-7gmg-xmp6
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-fh5c-7gmg-xmp6/GHSA-fh5c-7gmg-xmp6.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-fh5c-7gmg-xmp6
- Aliases
-
- CVE-2015-1864
- PYSEC-2017-17
- Published
- 2022-05-13T01:26:14Z
- Modified
- 2024-09-27T16:17:46.403115Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- 5.1 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N CVSS Calculator
- Summary
- Kallithea cross-site scripting (XSS) vulnerability
- Details
-
Multiple cross-site scripting (XSS) vulnerabilities in the administration pages in Kallithea before 0.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) first name or (2) last name user details, or the (3) repository, (4) repository group, or (5) user group description.
- Database specific
{ "nvd_published_at": "2017-09-19T15:29:00Z", "cwe_ids": [ "CWE-79" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-04-29T16:08:08Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2015-1864
- https://github.com/msabramo/kallithea
- https://github.com/pypa/advisory-database/tree/main/vulns/kallithea/PYSEC-2017-17.yaml
- https://kallithea-scm.org/repos/kallithea/changeset/a8f2986afc18c9221bf99f88b06e60ab83c86c55
- https://kallithea-scm.org/security/cve-2015-1864.html
- https://web.archive.org/web/20200228161446/http://www.securityfocus.com/bid/74184
- http://www.openwall.com/lists/oss-security/2015/04/14/12
- http://www.securityfocus.com/bid/74184
Affected packages
PyPI / kallithea
Package
- Name
- kallithea
- View open source insights on deps.dev
- Purl
- pkg:pypi/kallithea