What is GHSA-7q3g-gccm-822q?

GHSA-7q3g-gccm-822q is a security advisory published by GitHub Security Advisories with Medium severity. CouchCMS 2.2.1 contains a cross-site scripting vulnerability that allows authenticated attackers...

Which CVE IDs does GHSA-7q3g-gccm-822q cover?

GHSA-7q3g-gccm-822q covers the following CVE IDs: CVE-2021-47955. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-7q3g-gccm-822q?

GHSA-7q3g-gccm-822q has a CVSS v3 base score of 5.4, published by GitHub Security Advisories.

GHSA-7q3g-gccm-822qMediumCVSS 5.4

CouchCMS 2.2.1 contains a cross-site scripting vulnerability that allows authenticated attackers...

Vendor

GitHub Security Advisories

Published

May 16, 2026

Last Modified

May 16, 2026

🔗 CVE IDs covered (1)

CVE-2021-47955 →

📋 Description

CouchCMS 2.2.1 contains a cross-site scripting vulnerability that allows authenticated attackers to execute arbitrary JavaScript by uploading malicious SVG files through the file upload functionality. Attackers can upload SVG files containing embedded script tags to the browse.php endpoint, which are then executed in users' browsers when the files are accessed or previewed.

🔗 References (5)

https://nvd.nist.gov/vuln/detail/CVE-2021-47955
https://github.com/CouchCMS/CouchCMS
https://www.exploit-db.com/exploits/49636
https://www.vulncheck.com/advisories/couchcms-cross-site-scripting-via-svg-file-upload
https://github.com/advisories/GHSA-7q3g-gccm-822q