cnvd - cnvd-2021-84590

CNVD-2021-84590

Vulnerability from cnvd - Published: 2021-11-06

Title

Galette跨站脚本漏洞

Description

Galette是开源的一个面向非营利组织的会员管理网络应用程序。 Galette在0.9.5之前版本存在跨站脚本漏洞，该漏洞源于对用户提供的数据和输出的数据的缺少校验过滤。攻击者可以存储恶意javascript代码并在自订阅页面上显示。

Severity

低

Patch Name

Galette跨站脚本漏洞的补丁

Patch Description

Galette是开源的一个面向非营利组织的会员管理网络应用程序。 Galette在0.9.5之前版本存在跨站脚本漏洞，该漏洞源于对用户提供的数据和输出的数据的缺少校验过滤。攻击者可以存储恶意javascript代码并在自订阅页面上显示。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://github.com/galette/galette/security/advisories/GHSA-vjc9-mj44-x59q

Reference

https://nvd.nist.gov/vuln/detail/CVE-2021-21319

Impacted products

Name
Galette Galette <0.9.5

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-21319",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-21319"
    }
  },
  "description": "Galette\u662f\u5f00\u6e90\u7684\u4e00\u4e2a\u9762\u5411\u975e\u8425\u5229\u7ec4\u7ec7\u7684\u4f1a\u5458\u7ba1\u7406\u7f51\u7edc\u5e94\u7528\u7a0b\u5e8f\u3002\n\nGalette\u57280.9.5\u4e4b\u524d\u7248\u672c\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5bf9\u7528\u6237\u63d0\u4f9b\u7684\u6570\u636e\u548c\u8f93\u51fa\u7684\u6570\u636e\u7684\u7f3a\u5c11\u6821\u9a8c\u8fc7\u6ee4\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u5b58\u50a8\u6076\u610fjavascript\u4ee3\u7801\u5e76\u5728\u81ea\u8ba2\u9605\u9875\u9762\u4e0a\u663e\u793a\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://github.com/galette/galette/security/advisories/GHSA-vjc9-mj44-x59q",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-84590",
  "openTime": "2021-11-06",
  "patchDescription": "Galette\u662f\u5f00\u6e90\u7684\u4e00\u4e2a\u9762\u5411\u975e\u8425\u5229\u7ec4\u7ec7\u7684\u4f1a\u5458\u7ba1\u7406\u7f51\u7edc\u5e94\u7528\u7a0b\u5e8f\u3002\r\n\r\nGalette\u57280.9.5\u4e4b\u524d\u7248\u672c\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5bf9\u7528\u6237\u63d0\u4f9b\u7684\u6570\u636e\u548c\u8f93\u51fa\u7684\u6570\u636e\u7684\u7f3a\u5c11\u6821\u9a8c\u8fc7\u6ee4\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u5b58\u50a8\u6076\u610fjavascript\u4ee3\u7801\u5e76\u5728\u81ea\u8ba2\u9605\u9875\u9762\u4e0a\u663e\u793a\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Galette\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Galette Galette \u003c0.9.5"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-21319",
  "serverity": "\u4f4e",
  "submitTime": "2021-10-28",
  "title": "Galette\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e"
}

CVE-2021-21319 (GCVE-0-2021-21319)

Vulnerability from cvelistv5 – Published: 2021-10-25 16:00 – Updated: 2024-08-03 18:09

Title

Several stored XSS

Summary

Galette is a membership management web application geared towards non profit organizations. In versions prior to 0.9.5, malicious javascript code can be stored to be displayed later on self subscription page. The self subscription feature can be disabled as a workaround (this is the default state). Malicious javascript code can be executed (not stored) on login and retrieve password pages. This issue is patched in version 0.9.5.

Severity ?

6.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Assigner

GitHub_M

References

URL

Tags

	https://github.com/galette/galette/security/advis…	x_refsource_CONFIRM
	https://github.com/galette/galette/commit/514418d…	x_refsource_MISC
	https://github.com/galette/galette/commit/8f3bdd9…	x_refsource_MISC
	https://github.com/galette/galette/commit/f54b257…	x_refsource_MISC
	https://bugs.galette.eu/issues/1535	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	galette	galette	Affected: < 0.9.5

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:09:15.156Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/galette/galette/security/advisories/GHSA-vjc9-mj44-x59q"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/galette/galette/commit/514418da973ae5b84bf97f94bd288a41e8e3f0a6"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/galette/galette/commit/8f3bdd9f7d0708466e011253064a867ca2b271a5"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/galette/galette/commit/f54b2570615d38d0302e937079233e52c2d80995"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.galette.eu/issues/1535"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "galette",
          "vendor": "galette",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.9.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Galette is a membership management web application geared towards non profit organizations. In versions prior to 0.9.5, malicious javascript code can be stored to be displayed later on self subscription page. The self subscription feature can be disabled as a workaround (this is the default state). Malicious javascript code can be executed (not stored) on login and retrieve password pages. This issue is patched in version 0.9.5."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-25T16:00:19",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/galette/galette/security/advisories/GHSA-vjc9-mj44-x59q"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/galette/galette/commit/514418da973ae5b84bf97f94bd288a41e8e3f0a6"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/galette/galette/commit/8f3bdd9f7d0708466e011253064a867ca2b271a5"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/galette/galette/commit/f54b2570615d38d0302e937079233e52c2d80995"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.galette.eu/issues/1535"
        }
      ],
      "source": {
        "advisory": "GHSA-vjc9-mj44-x59q",
        "discovery": "UNKNOWN"
      },
      "title": "Several stored XSS",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2021-21319",
          "STATE": "PUBLIC",
          "TITLE": "Several stored XSS"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "galette",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 0.9.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "galette"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Galette is a membership management web application geared towards non profit organizations. In versions prior to 0.9.5, malicious javascript code can be stored to be displayed later on self subscription page. The self subscription feature can be disabled as a workaround (this is the default state). Malicious javascript code can be executed (not stored) on login and retrieve password pages. This issue is patched in version 0.9.5."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/galette/galette/security/advisories/GHSA-vjc9-mj44-x59q",
              "refsource": "CONFIRM",
              "url": "https://github.com/galette/galette/security/advisories/GHSA-vjc9-mj44-x59q"
            },
            {
              "name": "https://github.com/galette/galette/commit/514418da973ae5b84bf97f94bd288a41e8e3f0a6",
              "refsource": "MISC",
              "url": "https://github.com/galette/galette/commit/514418da973ae5b84bf97f94bd288a41e8e3f0a6"
            },
            {
              "name": "https://github.com/galette/galette/commit/8f3bdd9f7d0708466e011253064a867ca2b271a5",
              "refsource": "MISC",
              "url": "https://github.com/galette/galette/commit/8f3bdd9f7d0708466e011253064a867ca2b271a5"
            },
            {
              "name": "https://github.com/galette/galette/commit/f54b2570615d38d0302e937079233e52c2d80995",
              "refsource": "MISC",
              "url": "https://github.com/galette/galette/commit/f54b2570615d38d0302e937079233e52c2d80995"
            },
            {
              "name": "https://bugs.galette.eu/issues/1535",
              "refsource": "MISC",
              "url": "https://bugs.galette.eu/issues/1535"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-vjc9-mj44-x59q",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2021-21319",
    "datePublished": "2021-10-25T16:00:19",
    "dateReserved": "2020-12-22T00:00:00",
    "dateUpdated": "2024-08-03T18:09:15.156Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2021-84590

CVE-2021-21319 (GCVE-0-2021-21319)

Tags

Sightings

Nomenclature