CVE-2023-3672: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

July 14, 2023 (updated July 25, 2023)

Cross-site Scripting (XSS) - DOM in GitHub repository plaidweb/webmention.js prior to 0.5.5.

References

github.com/plaidweb/webmention.js/commit/3551b66b3e40da37fee89ecf72930c5efdc53011
huntr.dev/bounties/75cfb7ad-a75f-45ff-8688-32a9c55179aa
nvd.nist.gov/vuln/detail/CVE-2023-3672

Code Behaviors & Features

Detect and mitigate CVE-2023-3672 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →