CVE-2020-13459 – verbb/image-resizer

Package

Manager: composer
Name: verbb/image-resizer
Vulnerable Version: >=0 <2.0.9

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00206 pctl0.42973

Details

Image Resizer Cross-site Scripting (XSS) in the Bulk Resize action An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There is stored XSS in the Bulk Resize action.

Metadata

Created: 2022-05-24T17:18:39Z
Modified: 2024-04-24T17:43:43Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-p7rm-gh9g-5fr8/GHSA-p7rm-gh9g-5fr8.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-p7rm-gh9g-5fr8
Finding: F425
Auto approve: 1