CVE-2023-31506: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

February 9, 2024 (updated February 16, 2024)

A cross-site scripting (XSS) vulnerability in Grav versions 1.7.44 and before, allows remote authenticated attackers to execute arbitrary web scripts or HTML via the onmouseover attribute of an ISINDEX element.

References

github.com/advisories/GHSA-xrf8-cmrg-7436
m3n0sd0n4ld.github.io/patoHackventuras/cve-2023-31506
nvd.nist.gov/vuln/detail/CVE-2023-31506

Code Behaviors & Features

Detect and mitigate CVE-2023-31506 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →