CVE-2023-31144: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

May 9, 2023 (updated May 16, 2023)

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) in craftcms/cms.

References

github.com/advisories/GHSA-j4mx-98hw-6rv6
github.com/craftcms/cms/commit/52bd161614620edbab2d24d078ca9ebca2528442
github.com/craftcms/cms/commit/e2f7e7b7d86a0afa54ce855375d13c7760670764
github.com/craftcms/cms/security/advisories/GHSA-j4mx-98hw-6rv6

Code Behaviors & Features

Detect and mitigate CVE-2023-31144 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →