Nixpkgs Security Tracker

Untriaged

Permalink CVE-2024-37492

6.5 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): LOW

created 6 months ago

WordPress Gutenberg plugin <= 18.6.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Gutenberg Team Gutenberg allows Stored XSS.This issue affects Gutenberg: from n/a through 18.6.0.

References

https://patchstack.com/database/vulnerability/gutenberg/wordpress-gutenberg-plu… vdb-entry
https://patchstack.com/database/vulnerability/gutenberg/wordpress-gutenberg-plu… vdb-entry
https://patchstack.com/database/vulnerability/gutenberg/wordpress-gutenberg-plu… vdb-entry
https://patchstack.com/database/vulnerability/gutenberg/wordpress-gutenberg-plu… vdb-entry x_transferred

Affected products

gutenberg

=<18.6.0

Matching in nixpkgs

pkgs.nltk-data.gutenberg

NLTK Data

nixos-unstable -
- nixpkgs-unstable 0-unstable-2024-07-29

pkgs.wordpressPackages.plugins.gutenberg

None

nixos-unstable -
- nixpkgs-unstable 20.6.0

pkgs.haskellPackages.gutenberg-fibonaccis

The first 1001 Fibonacci numbers, retrieved from the Gutenberg Project

nixos-unstable -
- nixpkgs-unstable 1.1.0

Package maintainers

@happysalada Raphael Megzari <raphael@megzari.com>
@bengsparks Ben Sparks <benjamin.sparks@protonmail.com>