CVE-2018-7261 – radiant

Package

Manager: gem
Name: radiant
Vulnerable Version: =1.1.4

Severity

Level: Medium

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00195 pctl0.41586

Details

radiant vulnerable to Cross-site Scripting There are multiple Persistent XSS vulnerabilities in Radiant CMS 1.1.4. They affect Personal Preferences (Name and Username) and Configuration (Site Title, Dev Site Domain, Page Parts, and Page Fields).

Metadata

Created: 2018-07-27T17:08:29Z
Modified: 2023-01-26T20:57:11Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/07/GHSA-gp82-xr77-88f4/GHSA-gp82-xr77-88f4.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-gp82-xr77-88f4
Finding: F425
Auto approve: 1