GMS-2024-302: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) in @scrypted/core.
References
- github.com/advisories/GHSA-w4hv-vmv9-hgcr
- github.com/koush/scrypted/blob/71cbe83a2a20f743342df695ca7b98482b73e60f/server/package.json
- github.com/koush/scrypted/blob/71cbe83a2a20f743342df695ca7b98482b73e60f/server/src/plugin/plugin-http.ts
- github.com/koush/scrypted/blob/v0.55.0/plugins/core/package.json
- github.com/koush/scrypted/blob/v0.55.0/plugins/core/ui/src/Login.vue
- github.com/koush/scrypted/releases/tag/v0.55.0
- github.com/koush/scrypted/security/advisories/GHSA-w4hv-vmv9-hgcr
- nvd.nist.gov/vuln/detail/CVE-2023-47620
- nvd.nist.gov/vuln/detail/CVE-2023-47623
Code Behaviors & Features
Detect and mitigate GMS-2024-302 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →