CVE-2013-4492: Reflective XSS Vulnerability

December 6, 2013 (updated December 30, 2016)

When a translation is missing, the HTML exception message raised does not escape the keys. Under certain common configurations this string can contain user input which would allow an attacker to execute a reflective XSS attack.

Code Behaviors & Features

Detect and mitigate CVE-2013-4492 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →