CVE-2017-16015: Cross-site Scripting

June 4, 2018 (updated October 9, 2019)

The forms package does not have proper html escaping. This means that if the application did not sanitize html on behalf of forms, use of forms may be vulnerable to XSS.

References

nvd.nist.gov/vuln/detail/CVE-2017-16015

Code Behaviors & Features

Detect and mitigate CVE-2017-16015 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →