CVE-2023-33725: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

June 21, 2023 (updated July 5, 2023)

Broadleaf 5.x and 6.x (including 5.2.25-GA and 6.2.6-GA) was discovered to contain a cross-site scripting (XSS) vulnerability via a customer signup with a crafted email address. This is fixed in 6.2.6.1-GA.

References

github.com/Contrast-Security-OSS/Burptrast/tree/main/docs/CVE-2023-33725
github.com/advisories/GHSA-3862-fmr3-4f3h
nvd.nist.gov/vuln/detail/CVE-2023-33725

Code Behaviors & Features

Detect and mitigate CVE-2023-33725 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →