CVE-2023-50137: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

December 14, 2023 (updated December 15, 2023)

JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) in the site management office.

References

github.com/advisories/GHSA-xv7p-jw46-8r85
github.com/yukino-hiki/CVE/blob/main/3/There%20is%20a%20storage%20type%20xss%20in%20the%20site%20management%20office.md
nvd.nist.gov/vuln/detail/CVE-2023-50137

Code Behaviors & Features

Detect and mitigate CVE-2023-50137 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →