Description

A vulnerability classified as problematic was found in NREL api-umbrella-web 0.7.1. This vulnerability affects unknown code of the component Flash Message Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.8.0 is able to address this issue. The name of the patch is bcc0e922c61d30367678c8f17a435950969315cd. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-220060.

Related CPE's

a

nrel

api_umbrella_web

0.7.1

Vulnerable

References

https://github.com/NREL/api-umbrella-web/commit/bcc0e922c61d30367678c8f17a435950969315cd

PatchThird Party Advisory

https://github.com/NREL/api-umbrella-web/releases/tag/v0.8.0

Release NotesThird Party Advisory

https://vuldb.com/?ctiid.220060

Permissions RequiredThird Party Advisory

https://vuldb.com/?id.220060

Third Party Advisory

Weaknesses

[email protected]

Primary
CWE-79

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.1 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2023-02-04T04:15:08.727

1 year ago

Last modified

2024-05-17T01:03:04.667

2 months ago