XSS occurs on the Osmedeus web server when viewing results from the workflow, allowing commands to be executed on the server.
Details
When using a workflow that contains the summary module, it generates reports in HTML and Markdown formats. The default report is based on the general-template.md template.
<p align="center">
<a href="https://www.osmedeus.org"><img alt="Osmedeus" src="https://raw.githubusercontent.com/osmedeus/assets/main/logo-transparent.png" height="140" /></a>
<br />
<br />
<strong>Execute Summary Generated by Osmedeus {{Version}} at <em>{{Curre...
References:
- ADVISORY: https://github.com/advisories/GHSA-wvv7-wm5v-w2gv
- ADVISORY: https://github.com/j3ssie/osmedeus/security/advisories/GHSA-wvv7-wm5v-w2gv
- WEB: https://drive.google.com/file/d/1u-YowfzFV1tUqLaZk4s4Y1DykFhJZ8gR/view?usp=sharing
No existing reports found with this module or alias.
See [doc/quickstart.md](https://github.com/golang/vulndb/blob/master/doc/quickstart.md) for instructions on how to triage this report.
id: GO-ID-PENDING
modules:
    - module: github.com/j3ssie/osmedeus
      vulnerable_at: 0.0.0-20240404115937-815c261d44f6
summary: Osmedeus Web Server Vulnerable to Stored XSS, Leading to RCE in github.com/j3ssie/osmedeus
cves:
Advisory GHSA-wvv7-wm5v-w2gv references a vulnerability in the following Go modules: