Nixpkgs Security Tracker

Permalink CVE-2024-49241

6.5 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): LOW

created 6 months ago

WordPress Tito plugin <= 2.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tady Walsh Tito allows DOM-Based XSS.This issue affects Tito: from n/a through 2.3.

References

https://patchstack.com/database/vulnerability/tito/wordpress-tito-plugin-2-3-cr… vdb-entry

Affected products

tito

=<2.3

Matching in nixpkgs

pkgs.flatito

Grep for keys in YAML and JSON files

nixos-unstable -
- nixpkgs-unstable 0.1.1

pkgs.adif-multitool

Command-line program for working with ham logfiles

nixos-unstable -
- nixpkgs-unstable 0.1.20

pkgs.vimPlugins.nvim-treesitter-parsers.chatito

None

nixos-unstable -
- nixpkgs-unstable

pkgs.python312Packages.sphinx-multitoc-numbering

Supporting continuous HTML section numbering

nixos-unstable -
- nixpkgs-unstable 0.1.3

pkgs.python313Packages.sphinx-multitoc-numbering