CVE-2017-1000442: Passbolt API is vulnerable to XSS in the url field on the password workspace grid and sidebar
(updated )
Passbolt API version 1.6.4 and older are vulnerable to a XSS in the url field on the password workspace
References
- github.com/FriendsOfPHP/security-advisories/blob/master/passbolt/passbolt_api/CVE-2017-1000442.yaml
- github.com/advisories/GHSA-j2fp-9wp5-mg66
- github.com/passbolt/passbolt_api
- github.com/passbolt/passbolt_api/commit/f5eb93485a90195439e12aa8072f45ceb37b19c3
- nvd.nist.gov/vuln/detail/CVE-2017-1000442
- www.passbolt.com/incidents/20170914_xss_on_resource_urls
- www.passbolt.com/release/notes
Code Behaviors & Features
Detect and mitigate CVE-2017-1000442 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →