WS-2017-0146

Good to know:

Date: January 12, 2013

Affected versions of the package are vulnerable to Cross-site Scripting (XSS).

Language: JS

Severity Score

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

Top Fix

Upgrade Version

Upgrade to version bigfoot/bigfoot - dev-circle-ci;bigfoot/bigfoot - dev-master;wisnubaldas/baldas-module - 1.2.1;wisnubaldas/baldas-module - 1.0;tungphan/yii-demo - no_fix;synergy/pagebuilder - v6.1.0;synergy/pagebuilder - dev-dependabot/composer/monolog/monolog-1.26.1;synergy/pagebuilder - v3.2.0;synergy/pagebuilder - dev-dependabot/composer/laminas/laminas-server-2.11.1;synergy/pagebuilder - v3.0.0;synergy/pagebuilder - v2.0.0;synergy/pagebuilder - dev-dependabot/composer/laminas/laminas-component-installer-2.6.0;synergy/pagebuilder - v1.1;synergy/pagebuilder - dev-dependabot/composer/guzzlehttp/psr7-2.2.1;synergy/pagebuilder - dev-dependabot/composer/laminas/laminas-i18n-resources-2.8.0;synergy/pagebuilder - v1.0;iphp/core-bundle - v0.1.24;iphp/core-bundle - no_fix;sylius/sylius - dev-dependabot/composer/psalm/plugin-mockery-0.11.0;sylius/sylius - dev-dependabot/composer/psalm/plugin-mockery-0.9.1;sylius/sylius - dev-dependabot/composer/knplabs/gaufrette-tw-0.9;sylius/sylius - dev-dependabot/composer/psalm/plugin-mockery-0.7.0;sylius/sylius - dev-dependabot/composer/symfonycasts/dynamic-forms-v0.1.2;bigfoot/core-bundle - no_fix;bigfoot/core-bundle - v2.2.0;bigfoot/core-bundle - 1.0.0;yinhe/yincart - no_fix;steffenbrem/sylius - v0.11.0;steffenbrem/sylius - dev-develop;steffenbrem/sylius - dev-fix-product-variants-removal;steffenbrem/sylius - dev-feature/add-required-locales-option-sylius-translations-type;steffenbrem/sylius - dev-bugfix-typo;brave-guo1979/zhcms - no_fix;argayash/core-bundle - no_fix;n7consulting/jeyser-crm - 2.0.0-beta.1;lzdv/init-cms-bundle - 2.1.2;lzdv/init-cms-bundle - 2.1.3;pixel418/staq - dev-master;pixel418/staq - no_fix;robmasters/genemu-sandbox-bundle - no_fix;skullyframework/skully-amazon-s3 - no_fix;clevertech/yii-booster - 2.0.0.x-dev;interact/cms - no_fix;silverstripe/select2 - 2.0.x-dev;odiseoteam/sylius - v0.11.0;alanvaill/laravel-profiler-admin - no_fix;gleez/cms - 1.0.1;zorbus/bootstrap - no_fix;interactm/cms - no_fix;veonik/blog-bundle - no_fix;networking/init-cms-bundle - 2.3.x-dev;gomvc-admin-lucultura/gomvc-admin-lucultura - no_fix;pimientadigital/yii-booster - 2.0.0.x-dev;bolt/bolt - v1.1.2;slave/calendar - no_fix;sunra/angularjs-symfony2-bundle - no_fix;orchestra/foundation - v2.0.20;javanile/vtiger-core - no_fix;automattic/co-authors-plus - 3.1.2;Select2.js - 3.3.2;7rin0/bigfoot-core-bundle - no_fix;greenpower/asset-bundle - no_fix;malmo/engine - no_fix;skullyframework/project - 0.1.x-dev;sheadawson/silverstripe-select2 - 2.0.x-dev;zhangyingxi/zyxhome - no_fix;Supwin.ServiceFramework.BaseServices - no_fix;org.webjars.bower:angular-ui:no_fix;org.webjars:select2:3.3.1

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): NONE
Availability (A): NONE
