CVE-2022-35174: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

August 19, 2022 (updated August 30, 2022)

A stored cross-site scripting (XSS) vulnerability in Kirby’s Starterkit v3.7.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Tags field.

References

github.com/advisories/GHSA-4m2g-668v-jwjx
nvd.nist.gov/vuln/detail/CVE-2022-35174
owasp.org/www-community/attacks/xss/
www.youtube.com/watch?v=0lngc_zPTSg

Detect and mitigate CVE-2022-35174 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →