CVE-2022-24717 Information
Jun 07, 2022
Description
ssr-pages is an HTML page builder for server-side rendering (SSR). In versions prior to 0.1.5, a cross-site scripting (XSS) issue can occur when untrusted input is provided to the redirect.link property as an argument to the build(MessagePageOptions) function. There is no known workaround at this time; the issue is patched in version 0.1.5.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Reference
https://github.com/Finastra/ssr-pages/pull/2/commits/133606ffaec2edd9918d9fba5771ed21da7876a5
https://github.com/Finastra/ssr-pages/pull/2
https://github.com/Finastra/ssr-pages/commit/98abc59e28fec48246be0d59ac144675d6361073
https://github.com/Finastra/ssr-pages/security/advisories/GHSA-7f63-h6g3-7cwm
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
Base Score
6.1
Base Severity
MEDIUM