Vulnerability Description
There is stored cross site scripting (XSS) in Galileo CMS v0.042. Remote authenticated users could inject arbitrary web script or HTML via $page_title in /lib/Galileo/files/templates/page/show.html.ep (aka the PAGE TITLE Field).
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Galileo Cms Project | Galileo Cms | 0.042 |
Related Weaknesses (CWE)
References
- https://github.com/jberger/Galileo/pull/55/filesThird Party Advisory
- https://metacpan.org/changes/distribution/GalileoThird Party Advisory
- https://metamorfosec.com/Files/Advisories/METS-2020-002-A_Stored_XSS_VulnerabiliThird Party Advisory
- https://metamorfosec.com/Files/Commits/METC-2020-002-Escape_banner_in_Galileo_CMPatchThird Party Advisory
- https://github.com/jberger/Galileo/pull/55/filesThird Party Advisory
- https://metacpan.org/changes/distribution/GalileoThird Party Advisory
- https://metamorfosec.com/Files/Advisories/METS-2020-002-A_Stored_XSS_VulnerabiliThird Party Advisory
- https://metamorfosec.com/Files/Commits/METC-2020-002-Escape_banner_in_Galileo_CMPatchThird Party Advisory
FAQ
What is CVE-2019-7410?
CVE-2019-7410 is a vulnerability with a CVSS score of 6.1 (MEDIUM). There is stored cross site scripting (XSS) in Galileo CMS v0.042. Remote authenticated users could inject arbitrary web script or HTML via $page_title in /lib/Galileo/files/templates/page/show.html.ep...
How severe is CVE-2019-7410?
CVE-2019-7410 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-7410?
Check the references section above for vendor advisories and patch information. Affected products include: Galileo Cms Project Galileo Cms.