CVE-2022-24717
6.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
ssr-pages is an HTML page builder for the purpose of server-side rendering (SSR). In versions prior to 0.1.5, a cross site scripting (XSS) issue can occur when providing untrusted input to the redirect.link property as an argument to the build(MessagePageOptions) function. While there is no known workaround at this time, there is a patch in version 0.1.5.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Finastra | ssr-pages | < 0.1.5 | affected |
Weaknesses
- CWE-79: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/Finastra/ssr-pages/security/advisories/GHSA-7f63-h6g3-7cwm
- https://github.com/Finastra/ssr-pages/pull/2
- https://github.com/Finastra/ssr-pages/pull/2/commits/133606ffaec2edd9918d9fba5771ed21da7876a5
- https://github.com/Finastra/ssr-pages/commit/98abc59e28fec48246be0d59ac144675d6361073
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://github.com/Finastra/ssr-pages/security/advisories/GHSA-7f63-h6g3-7cwm
- https://github.com/Finastra/ssr-pages/pull/2
- https://github.com/Finastra/ssr-pages/pull/2/commits/133606ffaec2edd9918d9fba5771ed21da7876a5
- https://github.com/Finastra/ssr-pages/commit/98abc59e28fec48246be0d59ac144675d6361073
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.