Nixpkgs Security Tracker

Login with GitHub

Suggestions search

Untriaged
Filter by:
With package: astral

Found 2 matching suggestions

View:
Compact
Detailed
Permalink CVE-2026-3534
6.4 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV):
  • Attack complexity (AC):
  • Privileges required (PR):
  • User interaction (UI):
  • Scope (S):
  • Confidentiality impact (C):
  • Integrity impact (I):
  • Availability impact (A):
created 1 week, 4 days ago
Astra <= 4.12.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta

The Astra theme for WordPress is vulnerable to Stored Cross-Site Scripting via the `ast-page-background-meta` and `ast-content-background-meta` post meta fields in all versions up to, and including, 4.12.3. This is due to insufficient input sanitization on meta registration and missing output escaping in the `astra_get_responsive_background_obj()` function for four CSS-context sub-properties (`background-color`, `background-image`, `overlay-color`, `overlay-gradient`). This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

References

Affected products

Astra
  • =<4.12.3

Matching in nixpkgs

pkgs.varunastra

Tool to enhance the security of Docker environments

pkgs.gnomeExtensions.astra-monitor

Astra Monitor is a cutting-edge, fully customizable, and performance-focused system monitoring extension for GNOME's top bar. It's an all-in-one solution for those seeking to keep a close eye on their system's performance metrics like CPU, GPU, RAM, disk usage, network statistics, and sensor readings.

  • nixos-unstable 55
    • nixpkgs-unstable 55
    • nixos-unstable-small 55
  • nixos-25.11 53
    • nixos-25.11-small 53
    • nixpkgs-25.11-darwin 53

Package maintainers

Permalink CVE-2024-29768
5.9 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): REQUIRED
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 6 months ago
WordPress Astra theme <= 4.6.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force Astra allows Stored XSS.This issue affects Astra: from n/a through 4.6.4.

References

Affected products

astra
  • =<4.6.4

Matching in nixpkgs

pkgs.astral

Tool for estimating an unrooted species tree given a set of unrooted gene trees

  • nixos-unstable -

pkgs.gnomeExtensions.astra-monitor

Astra Monitor is a cutting-edge, fully customizable, and performance-focused system monitoring extension for GNOME's top bar. It's an all-in-one solution for those seeking to keep a close eye on their system's performance metrics like CPU, GPU, RAM, disk usage, network statistics, and sensor readings.

  • nixos-unstable -
    • nixpkgs-unstable 51

Package maintainers