GHSA-xgpf-p52j-pf7m

Source

https://github.com/advisories/GHSA-xgpf-p52j-pf7m

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/03/GHSA-xgpf-p52j-pf7m/GHSA-xgpf-p52j-pf7m.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-xgpf-p52j-pf7m

Aliases

CVE-2021-27938

Published

2021-03-24T17:42:02Z

Modified

2024-12-02T05:46:46.860268Z

Summary

XSS in CreateQueuedJobTask

Details

A vulnerability has been identified in the Silverstripe CMS 3 and 4 version of the symbiote/silverstripe-queuedjobs module. A Cross Site Scripting vulnerability allows an attacker to inject an arbitrary payload in the CreateQueuedJobTask dev task via a specially crafted URL.

Database specific

{
    "severity": "MODERATE",
    "github_reviewed_at": "2021-03-24T17:41:15Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "github_reviewed": true,
    "nvd_published_at": "2021-03-16T16:15:00Z"
}

References

Affected packages

Packagist

symbiote/silverstripe-queuedjobs

Package

Name: symbiote/silverstripe-queuedjobs
Purl: pkg:composer/symbiote/silverstripe-queuedjobs

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.0.0

Fixed

3.0.2

Affected versions

3.*

3.0.0

3.0.1

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/03/GHSA-xgpf-p52j-pf7m/GHSA-xgpf-p52j-pf7m.json"

symbiote/silverstripe-queuedjobs

Package

Name: symbiote/silverstripe-queuedjobs
Purl: pkg:composer/symbiote/silverstripe-queuedjobs

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.1.0

Fixed

3.1.4

Affected versions

3.*

3.1.0

3.1.1

3.1.2

3.1.3

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/03/GHSA-xgpf-p52j-pf7m/GHSA-xgpf-p52j-pf7m.json"

symbiote/silverstripe-queuedjobs

Package

Name: symbiote/silverstripe-queuedjobs
Purl: pkg:composer/symbiote/silverstripe-queuedjobs

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.0.0

Fixed

4.0.7

Affected versions

4.*

4.0.0

4.0.1

4.0.2

4.0.3

4.0.4

4.0.5

4.0.6

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/03/GHSA-xgpf-p52j-pf7m/GHSA-xgpf-p52j-pf7m.json"

symbiote/silverstripe-queuedjobs

Package

Name: symbiote/silverstripe-queuedjobs
Purl: pkg:composer/symbiote/silverstripe-queuedjobs

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.1.0

Fixed

4.1.2

Affected versions

4.*

4.1.0

4.1.1

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/03/GHSA-xgpf-p52j-pf7m/GHSA-xgpf-p52j-pf7m.json"

symbiote/silverstripe-queuedjobs

Package

Name: symbiote/silverstripe-queuedjobs
Purl: pkg:composer/symbiote/silverstripe-queuedjobs

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.2.0

Fixed

4.2.4

Affected versions

4.*

4.2.0

4.2.1

4.2.2

4.2.3

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/03/GHSA-xgpf-p52j-pf7m/GHSA-xgpf-p52j-pf7m.json"

symbiote/silverstripe-queuedjobs

Package

Name: symbiote/silverstripe-queuedjobs
Purl: pkg:composer/symbiote/silverstripe-queuedjobs

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.3.0

Fixed

4.3.3

Affected versions

4.*

4.3.0

4.3.1

4.3.2

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/03/GHSA-xgpf-p52j-pf7m/GHSA-xgpf-p52j-pf7m.json"

symbiote/silverstripe-queuedjobs

Package

Name: symbiote/silverstripe-queuedjobs
Purl: pkg:composer/symbiote/silverstripe-queuedjobs

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.4.0

Fixed

4.4.3

Affected versions

4.*

4.4.0

4.4.1

4.4.2

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/03/GHSA-xgpf-p52j-pf7m/GHSA-xgpf-p52j-pf7m.json"

symbiote/silverstripe-queuedjobs

Package

Name: symbiote/silverstripe-queuedjobs
Purl: pkg:composer/symbiote/silverstripe-queuedjobs

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.5.0

Fixed

4.5.1

Affected versions

4.*

4.5.0

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/03/GHSA-xgpf-p52j-pf7m/GHSA-xgpf-p52j-pf7m.json"

symbiote/silverstripe-queuedjobs

Package

Name: symbiote/silverstripe-queuedjobs
Purl: pkg:composer/symbiote/silverstripe-queuedjobs

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.6.0

Fixed

4.6.4

Affected versions

4.*

4.6.0

4.6.1

4.6.2

4.6.3

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/03/GHSA-xgpf-p52j-pf7m/GHSA-xgpf-p52j-pf7m.json"