CVE-2018-7261 (radiant): Multiple persistent XSS vulnerabilities in Radiant CMS

Multiple persistent XSS vulnerabilities in Radiant CMS

Published: February 19, 2018

SECURITY IDENTIFIERS

CVE: CVE-2018-7261 (NVD)
GHSA: GHSA-gp82-xr77-88f4
Vendor Advisory: https://github.com/radiant/radiant/issues/412

GEM

radiant

SEVERITY

CVSS v3.x: 5.4 (Medium)

CVSS v2.0: 3.5 (Low)

PATCHED VERSIONS

None available.

DESCRIPTION

There are multiple Persistent XSS vulnerabilities in Radiant CMS. They affect Personal Preferences (Name and Username) and Configuration (Site Title, Dev Site Domain, Page Parts, and Page Fields).

RubySec