GHSA-vmgw-24w6-9v82

Source
https://github.com/advisories/GHSA-vmgw-24w6-9v82
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/03/GHSA-vmgw-24w6-9v82/GHSA-vmgw-24w6-9v82.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-vmgw-24w6-9v82
Aliases
  • CVE-2025-30081
Published
2025-03-19T02:15:29Z
Modified
2025-03-19T03:43:23.541685Z
Severity
  • 6.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:F/RL:O/RC:C
Summary
Clickstorm SEO Allows Cross-Site Scripting (XSS)
Details

A cross-site scripting (XSS) vulnerability has been discovered in the Clickstorm SEO extension. This vulnerability is exploitable by a logged-in backend user through the TYPO3 backend user interface. Because user input is improperly encoded, this user can create output in the HTML context. Updates 6.7.0, 7.4.0, 8.3.0 and 9.2.0 are available for download.

Database specific
{
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2025-03-19T02:15:29Z"
}
References

Affected packages

Packagist / clickstorm/cs-seo

Package

Name
clickstorm/cs-seo
Purl
pkg:composer/clickstorm/cs-seo

Affected ranges

Type
ECOSYSTEM
Events
Introduced
9.0.0
Fixed
9.2.0

Affected versions

9.*

9.0.0
9.0.1
9.1.0

Packagist / clickstorm/cs-seo

Package

Name
clickstorm/cs-seo
Purl
pkg:composer/clickstorm/cs-seo

Affected ranges

Type
ECOSYSTEM
Events
Introduced
8.0.0
Fixed
8.3.0

Affected versions

8.*

8.0.0
8.0.1
8.1.0
8.1.1
8.1.2
8.2.0
8.2.1

Packagist / clickstorm/cs-seo

Package

Name
clickstorm/cs-seo
Purl
pkg:composer/clickstorm/cs-seo

Affected ranges

Type
ECOSYSTEM
Events
Introduced
7.0.0
Fixed
7.4.0

Affected versions

7.*

7.0.0
7.0.1
7.1.0
7.2.0
7.2.1
7.3.0
7.3.1
7.3.2
7.3.3

Packagist / clickstorm/cs-seo

Package

Name
clickstorm/cs-seo
Purl
pkg:composer/clickstorm/cs-seo

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.0.0
Fixed
6.7.0

Affected versions

6.*

6.0.0
6.1.0
6.1.1
6.2.0
6.2.1
6.3.0
6.3.1
6.3.2
6.4.0
6.4.1
6.5.0
6.6.0