CVE-2023-1885: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

April 5, 2023 (updated April 6, 2023)

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

References

github.com/advisories/GHSA-xxm6-ff3x-v4vm
github.com/thorsten/phpmyfaq/commit/fecc803ab9c3e82718c4bcea7fe919d7a22ec024
huntr.dev/bounties/bce84c02-abb2-474f-a67b-1468c9dcabb8
nvd.nist.gov/vuln/detail/CVE-2023-1885

Code Behaviors & Features

Detect and mitigate CVE-2023-1885 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →