{"id":"GHSA-752c-vfpf-cp2w","summary":"openark/orchestrator cross-site scripting vulnerability","details":"resources/public/js/orchestrator.js in openark orchestrator before 3.2.4 allows XSS via the orchestrator-msg parameter.","aliases":["CVE-2021-27940"],"modified":"2023-11-01T04:54:57.515408Z","published":"2022-05-24T22:01:28Z","database_specific":{"github_reviewed_at":"2023-07-10T23:44:00Z","cwe_ids":["CWE-79"],"severity":"MODERATE","github_reviewed":true,"nvd_published_at":"2021-03-03T22:15:00Z"},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-27940"},{"type":"WEB","url":"https://github.com/openark/orchestrator/pull/1313"},{"type":"WEB","url":"https://github.com/openark/orchestrator/commit/76ceb6b0e013e1e815eb008dec90295860b06cf3"},{"type":"WEB","url":"https://github.com/openark/orchestrator/releases/tag/v3.2.4"}],"affected":[{"package":{"name":"github.com/openark/orchestrator","ecosystem":"Go","purl":"pkg:golang/github.com/openark/orchestrator"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"3.2.4"}]}],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-752c-vfpf-cp2w/GHSA-752c-vfpf-cp2w.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}