{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51872?format=json","vulnerability_id":"VCID-ej7x-ar71-rqey","summary":"Read the Docs vulnerable to Cross-Site Scripting (XSS)\n### Impact\n\nThis vulnerability allowed a malicious user to serve arbitrary HTML files from the main application domain (readthedocs[.]org/readthedocs[.]com) by exploiting a vulnerability in the code that serves downloadable content from a project. \n\nExploiting this would have required the attacker to get a logged-in user to visit the malicious URL, which would have allowed the attacker to take control of the user's session with JavaScript (making requests to the API/site on behalf of the user). This URL would have looked something like `hxxps[:]//readthedocs[.]org/projects/attacker-project/downloads/html/version-with-javascript-attack/`.\n\n### Patches\n\nThis issue has been patched in our 8.8.1 release.","aliases":[{"alias":"GHSA-98pf-gfh3-x3mp"}],"fixed_packages":[],"affected_packages":[],"references":[{"reference_url":"https://github.com/readthedocs/readthedocs.org","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/readthedocs/readthedocs.org"},{"reference_url":"https://github.com/readthedocs/readthedocs.org/commit/b0ae626acd13882170ec5888e35f3ef2e48e6ff6","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/readthedocs/readthedocs.org/commit/b0ae626acd13882170ec5888e35f3ef2e48e6ff6"},{"reference_url":"https://github.com/readthedocs/readthedocs.org/security/advisories/GHSA-98pf-gfh3-x3mp","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/readthedocs/readthedocs.org/security/advisories/GHSA-98pf-gfh3-x3mp"},{"reference_url":"https://github.com/advisories/GHSA-98pf-gfh3-x3mp","reference_id":"GHSA-98pf-gfh3-x3mp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-98pf-gfh3-x3mp"}],"weaknesses":[{"cwe_id":79,"name":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","description":"The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users."}],"exploits":[],"severity_range_score":"4.0 - 6.9","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ej7x-ar71-rqey"}