CVE-2023-4196: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

August 6, 2023 (updated August 10, 2023)

Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.3.

References

github.com/advisories/GHSA-w3qm-93vf-5hrw
github.com/cockpit-hq/cockpit/commit/039a00cc310bff128ca6e6c1c46c6fbad0385c2c
huntr.dev/bounties/c275a2d4-721f-49f7-8787-b146af2056a0
nvd.nist.gov/vuln/detail/CVE-2023-4196

Detect and mitigate CVE-2023-4196 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →