CVE-2020-13633: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

May 24, 2022 (updated July 17, 2023)

Fork before 5.8.3 allows XSS via navigation_title or title.

References

github.com/advisories/GHSA-74gc-hf33-5353
github.com/forkcms/forkcms/commit/b88f8a2033a4b9b4cbfce96c85691aafb021819d
github.com/forkcms/forkcms/pull/3093
nvd.nist.gov/vuln/detail/CVE-2020-13633

Detect and mitigate CVE-2020-13633 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →