[MAVEN:GHSA-7PFC-CC9X-8P4M] Apache Isis Cross-site Scripting vulnerability
Severity
Moderate
Affected Packages
1
Fixed Packages
1
CVEs
1
Prior to 2.0.0-M9, it was possible for an end-user to set the value of an editable string property of a domain object to a value that would be rendered unchanged when the value was saved. In particular, the end-user could enter javascript or similar and this would be executed. As of this release, the inputted strings are properly escaped when rendered.
| Package | Affected Version |
|---|---|
 pkg:maven/org.apache.isis.core/isis-core
|
< 2.0.0-M9 |
| Package | Fixed Version |
|---|---|
|
pkg:maven/org.apache.isis.core/isis-core
|
= 2.0.0-M9 |
- ID
- MAVEN:GHSA-7PFC-CC9X-8P4M
- Severity
- moderate
- URL
- https://github.com/advisories/GHSA-7pfc-cc9x-8p4m
- Published
-
2022-10-19T12:00:18
(23 months ago) - Modified
-
2023-02-02T05:08:14
(19 months ago) - Rights
- Maven Security Team
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |