CVE-2016-1000007EUVD-2016-101607.10.2016, 18:59Pagure 2.2.1 XSS in raw file endpointCross-site ScriptingEnginsightProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVectorNISTPrimary6.1 MEDIUMNETWORKLOWNONECVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NBase ScoreCVSS 3.xEPSS ScorePercentile: 46%Affected Products (NVD)VendorProductVersionredhatpagure2.2.1𝑥= Vulnerable software versionsDebian ReleasesDebian ProductCodenamepagurebookworm5.11.3+dfsg-2.1fixedbullseye5.11.3+dfsg-1fixedsid5.11.3+dfsg-3fixedCommon Weakness EnumerationCWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.Referenceshttps://pagure.io/pagure/c/070d63983fe5daef92005ea33d3b8c693c224c77.patchhttps://pagure.io/pagure/c/070d63983fe5daef92005ea33d3b8c693c224c77.patch
