{"id":"GHSA-grqx-r2q2-j425","summary":"FastAPI Admin Cross-site Scripting vulnerability in the Config-Create function","details":"A cross-site scripting (XSS) vulnerability in the Config-Create function of fastapi-admin pro v0.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Name parameter.","aliases":["CVE-2024-42818"],"modified":"2024-08-26T21:59:02.092020Z","published":"2024-08-26T18:33:33Z","database_specific":{"nvd_published_at":"2024-08-26T16:15:09Z","github_reviewed_at":"2024-08-26T21:37:40Z","cwe_ids":["CWE-79"],"github_reviewed":true,"severity":"MODERATE"},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-42818"},{"type":"WEB","url":"https://github.com/fastapi-admin/fastapi-admin/issues/172"},{"type":"WEB","url":"https://fastapi-admin-pro.long2ice.io/admin/login"},{"type":"PACKAGE","url":"https://github.com/fastapi-admin/fastapi-admin"}],"affected":[{"package":{"name":"fastapi-admin","ecosystem":"PyPI","purl":"pkg:pypi/fastapi-admin"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"last_affected":"0.1.4"}]}],"versions":["0.1.1","0.1.2","0.1.3","0.1.4"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/08/GHSA-grqx-r2q2-j425/GHSA-grqx-r2q2-j425.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"}]}