From bbf39caa196eccaf304e293b426a3e381c5614ab Mon Sep 17 00:00:00 2001 From: Pierre Rudloff Date: Mon, 19 May 2025 21:40:24 +0200 Subject: [PATCH] Improve GHSA-fxpc-qmrh-7j2h --- .../GHSA-fxpc-qmrh-7j2h.json | 33 +++++++++++++++++-- 1 file changed, 30 insertions(+), 3 deletions(-) diff --git a/advisories/unreviewed/2025/05/GHSA-fxpc-qmrh-7j2h/GHSA-fxpc-qmrh-7j2h.json b/advisories/unreviewed/2025/05/GHSA-fxpc-qmrh-7j2h/GHSA-fxpc-qmrh-7j2h.json index a9ea93b04b4dd..1e7d4d5d4f953 100644 --- a/advisories/unreviewed/2025/05/GHSA-fxpc-qmrh-7j2h/GHSA-fxpc-qmrh-7j2h.json +++ b/advisories/unreviewed/2025/05/GHSA-fxpc-qmrh-7j2h/GHSA-fxpc-qmrh-7j2h.json @@ -1,26 +1,53 @@ { "schema_version": "1.4.0", "id": "GHSA-fxpc-qmrh-7j2h", - "modified": "2025-05-15T21:31:28Z", + "modified": "2025-05-15T21:31:36Z", "published": "2025-05-15T21:31:28Z", "aliases": [ "CVE-2024-11718" ], + "summary": "Author+ Stored XSS", "details": "The tarteaucitron-wp WordPress plugin before 0.3.0 allows author level and above users to add HTML into a post/page, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.", "severity": [], - "affected": [], + "affected": [ + { + "package": { + "ecosystem": "Packagist", + "name": "couleurcitron/tarteaucitron-wp" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.3.0" + } + ] + } + ] + } + ], "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11718" }, + { + "type": "WEB", + "url": "https://bitbucket.org/ccitron/tarteaucitron-wp" + }, { "type": "WEB", "url": "https://wpscan.com/vulnerability/02da3a49-20e4-4476-a78d-4c627994a90a" } ], "database_specific": { - "cwe_ids": [], + "cwe_ids": [ + "CWE-79" + ], "severity": null, "github_reviewed": false, "github_reviewed_at": null,