Nixpkgs security tracker

Dismissed

Permalink CVE-2025-62137

6.5 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): Low (L)
User Interaction (UI): Required (R)
Scope (S): Changed (C)
Confidentiality (C): Low (L)
Integrity (I): Low (L)
Availability (A): Low (L)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): Required (R)
Modified Confidentiality (MC): Low (L)
Modified Scope (MS): Changed (C)
Modified Integrity (MI): Low (L)
Modified Availability (MA): Low (L)

updated 4 months, 4 weeks ago by @LeSuisse Activity log

Created suggestion 4 months, 4 weeks ago
@LeSuisse ignored
2 packages
- sshuttle
- cargo-shuttle
4 months, 4 weeks ago
@LeSuisse dismissed 4 months, 4 weeks ago

WordPress Shuttle theme <= 1.5.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shuttlethemes Shuttle allows Stored XSS.This issue affects Shuttle: from n/a through 1.5.0.

References

Affected products

shuttle

=<1.5.0

Ignored packages (2)

pkgs.sshuttle

Transparent proxy server that works as a poor man's VPN

nixos-unstable 1.3.2
- nixpkgs-unstable 1.3.2
- nixos-unstable-small 1.3.2

pkgs.cargo-shuttle

Cargo command for the shuttle platform

nixos-unstable 0.57.3
- nixpkgs-unstable 0.57.3
- nixos-unstable-small 0.57.3

WP theme not present in nixpkgs

Suggestion detail

References

Affected products

pkgs.sshuttle

pkgs.cargo-shuttle