CVE-2023-6027: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

November 30, 2023 (updated December 6, 2023)

A critical flaw has been identified in elijaa/phpmemcachedadmin affecting version 1.3.0, specifically related to a stored XSS vulnerability. This vulnerability allows malicious actors to insert a carefully crafted JavaScript payload. The issue arises from improper encoding of user-controlled entries in the “/pmcadmin/configure.php” parameter.

References

nvd.nist.gov/vuln/detail/CVE-2023-6027
www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-phpmemcachedadmin

Code Behaviors & Features

Detect and mitigate CVE-2023-6027 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →