CVE-2013-6348: XSS via malicious action parameter

November 2, 2013 (updated November 24, 2013)

Multiple cross-site scripting (XSS) vulnerabilities in this package allow remote attackers to inject arbitrary web script or HTML via the namespace parameter to actionNames.action and showConfig.action in config-browser/.

References

bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6348
issues.apache.org/jira/browse/WW-4213

Code Behaviors & Features

Detect and mitigate CVE-2013-6348 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →