CVE-2022-40373: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

December 15, 2022 (updated December 19, 2022)

Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.1.1 allows remote attackers to run arbitrary code via upload of crafted XML file.

References

github.com/liufee/cms/issues/67
nvd.nist.gov/vuln/detail/CVE-2022-40373

Detect and mitigate CVE-2022-40373 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →