GHSA-4532-pmx7-9ww7
First published: Tue Nov 14 2023(Updated: )
A cross-site scripting (XSS) vulnerability in CesiumJS v1.111 allows attackers to execute arbitrary code in the context of the victim's browser via sending a crafted payload to /container_files/public_html/doc/index.html.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| npm/cesium | <=1.111.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of GHSA-4532-pmx7-9ww7?
The severity of GHSA-4532-pmx7-9ww7 is medium with a severity value of 6.1.
How does the cross-site scripting (XSS) vulnerability in CesiumJS v1.111 impact users?
The cross-site scripting (XSS) vulnerability in CesiumJS v1.111 allows attackers to execute arbitrary code in the context of the victim's browser, posing a significant security risk.
Which software versions are affected by the GHSA-4532-pmx7-9ww7 vulnerability?
The GHSA-4532-pmx7-9ww7 vulnerability affects CesiumJS v1.111.0.
How can an attacker exploit the GHSA-4532-pmx7-9ww7 vulnerability?
An attacker can exploit the GHSA-4532-pmx7-9ww7 vulnerability by sending a crafted payload to /container_files/public_html/doc/index.html, allowing them to execute arbitrary code in the victim's browser.
Is there a fix available for the GHSA-4532-pmx7-9ww7 vulnerability?
It is recommended to update CesiumJS to a version that is not affected by the GHSA-4532-pmx7-9ww7 vulnerability to mitigate the risk.
- collector/github-advisory-latest
- alias/GHSA-4532-pmx7-9ww7
- alias/CVE-2023-48094
- collector/github-advisory
- package-manager/npm