{"id":"CVE-2016-1229","details":"Cross-site scripting (XSS) vulnerability in HumHub 0.20.0-beta.1 through 0.20.1 and 1.0.0-beta before 1.0.0-beta.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.","modified":"2026-04-10T03:50:30.575680Z","published":"2016-06-05T01:59:03.297Z","references":[{"type":"ADVISORY","url":"http://jvn.jp/en/jp/JVN56167268/index.html"},{"type":"ADVISORY","url":"http://jvndb.jvn.jp/jvndb/JVNDB-2016-000068"},{"type":"FIX","url":"https://github.com/humhub/humhub/releases/tag/v1.0.0-beta.3"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/humhub/humhub","events":[{"introduced":"0"},{"last_affected":"306549ddfb566651bc98030d503a2a2e78c8848a"},{"introduced":"0"},{"last_affected":"6ab6c0a923800ead877d5f222a51f5f4236d889a"},{"fixed":"fbcfcbbb4469542d6730fd069c8d2e42ac2bed2e"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.20.0"},{"introduced":"0"},{"last_affected":"0.20.1"}]}}],"versions":["v0.11.0","v0.11.1","v0.11.2","v0.20.0","v0.20.0-beta.1","v0.20.1","v0.9.0","v0.9.0-rc.1","v0.9.0-rc.2","v1.0.0-beta.1","v1.0.0-beta.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-1229.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"0.20.0-beta1"}]},{"events":[{"introduced":"0"},{"last_affected":"0.20.0-beta2"}]},{"events":[{"introduced":"0"},{"last_affected":"1.0.0-beta1"}]},{"events":[{"introduced":"0"},{"last_affected":"1.0.0-beta2"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}