{"id":"CVE-2019-7410","details":"There is a stored cross-site scripting (XSS) vulnerability in Galileo CMS v0.042. Remote authenticated users could inject arbitrary web script or HTML via $page_title in /lib/Galileo/files/templates/page/show.html.ep (aka the PAGE TITLE field).","modified":"2026-03-14T01:39:11.064914Z","published":"2020-08-14T14:15:12.347Z","references":[{"type":"ADVISORY","url":"https://github.com/jberger/Galileo/pull/55/files"},{"type":"ADVISORY","url":"https://metacpan.org/changes/distribution/Galileo"},{"type":"ADVISORY","url":"https://metamorfosec.com/Files/Advisories/METS-2020-002-A_Stored_XSS_Vulnerability_in_Galileo_CMS_v0.042.txt"},{"type":"FIX","url":"https://metamorfosec.com/Files/Commits/METC-2020-002-Escape_banner_in_Galileo_CMS_v0.042.txt"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jberger/galileo","events":[{"introduced":"0"},{"last_affected":"4820ebf4c74a5d97f727ed995759902075571abc"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.042"}]}}],"versions":["0.001","0.002","0.0038","0.004","0.005","0.006","0.007","0.008","0.009","0.010","0.011","0.012","0.013","0.014","0.015","0.016","0.017","0.018","0.019","0.020","0.021","0.022","0.023","0.024","0.025","0.026","0.027","0.028","0.029","0.030","0.031","0.032","0.033","0.034","0.035","0.036","0.037","0.039","0.040","0.041","0.042"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-7410.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}