Permalink
CVE-2024-37116
6.5 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): LOW
- User interaction (UI): REQUIRED
- Scope (S): CHANGED
- Confidentiality impact (C): LOW
- Integrity impact (I): LOW
- Availability impact (A): LOW
WordPress Sinatra theme <= 1.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in sinatrateam Sinatra allows Stored XSS.This issue affects Sinatra: from n/a through 1.3.
References
Affected products
sinatra
- =<1.3
Matching in nixpkgs
pkgs.rubyPackages.sinatra
None
-
nixos-unstable -
- nixpkgs-unstable 4.1.1
pkgs.rubyPackages_3_1.sinatra
None
-
nixos-unstable -
- nixpkgs-unstable 4.1.1
pkgs.rubyPackages_3_2.sinatra
None
-
nixos-unstable -
- nixpkgs-unstable 4.1.1
pkgs.rubyPackages_3_3.sinatra
None
-
nixos-unstable -
- nixpkgs-unstable 4.1.1
pkgs.rubyPackages_3_4.sinatra
None
-
nixos-unstable -
- nixpkgs-unstable 4.1.1