CVE-2022-3072: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

September 2, 2022 (updated September 16, 2022)

Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 8.9.3.

References

github.com/advisories/GHSA-2mh7-qxcw-q39g
github.com/francoisjacquet/rosariosis/commit/dcd3b86156bf9e981944e1a9e01ea23d8ad7c83a
gitlab.com/francoisjacquet/rosariosis/blob/mobile/CHANGES.md
huntr.dev/bounties/9755ae6a-b08b-40a0-8089-c723b2d9ca52
nvd.nist.gov/vuln/detail/CVE-2022-3072

Detect and mitigate CVE-2022-3072 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →