Nixpkgs security tracker

Login with GitHub

Suggestion detail

Dismissed

Permalink CVE-2025-49249

6.1 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): Required (R)
Scope (S): Changed (C)
Confidentiality (C): Low (L)
Integrity (I): Low (L)
Availability (A): None (N)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): Required (R)
Modified Confidentiality (MC): Low (L)
Modified Scope (MS): Changed (C)
Modified Integrity (MI): Low (L)
Modified Availability (MA): None (N)

updated 4 months, 4 weeks ago by @LeSuisse Activity log

Created suggestion 4 months, 4 weeks ago
@LeSuisse ignored
9 packages
- python313Packages.dronecan
- python312Packages.dronecan
- drone-runner-docker
- drone-runner-ssh
- drone-runner-exec
- drone-oss
- drone-scp
- drone-cli
- drone
4 months, 4 weeks ago
@LeSuisse dismissed 4 months, 4 weeks ago

WordPress Drone theme <= 1.40 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ApusTheme Drone drone allows Reflected XSS.This issue affects Drone: from n/a through <= 1.40.

References

https://patchstack.com/database/Wordpress/Theme/drone/vulnerability/wordpress-d… vdb-entry

Affected products

drone

=<<= 1.40

Ignored packages (9)

pkgs.drone

Continuous Integration platform built on container technology

nixos-unstable 2.26.0
- nixpkgs-unstable 2.26.0
- nixos-unstable-small 2.26.0

pkgs.drone-cli

Command line client for the Drone continuous integration server

nixos-unstable 1.9.0
- nixpkgs-unstable 1.9.0
- nixos-unstable-small 1.9.0

pkgs.drone-oss

Continuous Integration platform built on container technology

nixos-unstable 2.26.0
- nixpkgs-unstable 2.26.0
- nixos-unstable-small 2.26.0

pkgs.drone-scp

Copy files and artifacts via SSH using a binary, docker or Drone CI

nixos-unstable 1.8.0
- nixpkgs-unstable 1.8.0
- nixos-unstable-small 1.8.0

pkgs.drone-runner-ssh

Experimental Drone runner that executes a pipeline on a remote machine

nixos-unstable 2022-12-22
- nixpkgs-unstable 2022-12-22
- nixos-unstable-small 2022-12-22

pkgs.drone-runner-exec

Drone pipeline runner that executes builds directly on the host machine

nixos-unstable 2020-04-19
- nixpkgs-unstable 2020-04-19
- nixos-unstable-small 2020-04-19

pkgs.drone-runner-docker

Drone pipeline runner that executes builds inside Docker containers

nixos-unstable 1.8.4
- nixpkgs-unstable 1.8.4
- nixos-unstable-small 1.8.4

pkgs.python312Packages.dronecan

Python implementation of the DroneCAN v1 protocol stack

nixos-unstable 1.0.27
- nixpkgs-unstable 1.0.27
- nixos-unstable-small 1.0.27

pkgs.python313Packages.dronecan

Python implementation of the DroneCAN v1 protocol stack

nixos-unstable 1.0.27
- nixpkgs-unstable 1.0.27
- nixos-unstable-small 1.0.27

WP theme not present in nixpkgs