{"id":"CVE-2017-6486","details":"A Cross-Site Scripting (XSS) issue was discovered in reasoncms before 4.7.1. The vulnerability exists due to insufficient filtration of user-supplied data (nyroModalSel) passed to the \"reasoncms-master/www/nyroModal/demoSent.php\" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.","modified":"2026-04-10T04:02:36.374572Z","published":"2017-03-05T20:59:00.463Z","references":[{"type":"ADVISORY","url":"https://github.com/reasoncms/reasoncms/releases/tag/v4.7.1"},{"type":"FIX","url":"https://github.com/reasoncms/reasoncms/issues/264"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/reasoncms/reasoncms","events":[{"introduced":"0"},{"last_affected":"fa0b0cc49183af587a4a17ce547e5c81d0352128"},{"fixed":"22e74e284787b04dd6d466653af03e0302b68d43"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"4.7"}]}}],"versions":["v4.0","v4.1","v4.2","v4.3","v4.4","v4.5","v4.7","v4.7-rc","v4.7-rc.2","v4.7-rc.3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-6486.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}