CVE-2022-40365

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in go/github.com/ouqiang/gocron

Identifiers

GHSA-r947-2crg-xc39, CVE-2022-40365

Package Slug

go/github.com/ouqiang/gocron

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

Cross site scripting (XSS) vulnerability in ouqiang gocron through 1.5.3, allows attackers to execute arbitrary code via scope.row.hostname in web/vue/src/pages/taskLog/list.vue.

Affected Versions

All versions up to 1.5.3

Solution

Unfortunately, there is no solution available yet.

Last Modified

2022-09-19

source