CVE-2021-3977: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

January 6, 2022

invoiceninja is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)

References

github.com/advisories/GHSA-xg6r-5gx4-qxjm
github.com/invoiceninja/invoiceninja/commit/1186eaa82375692d01d5ef3369c5b7bc7315b55f
github.com/invoiceninja/invoiceninja/releases/tag/v5.3.35
huntr.dev/bounties/99c4ed09-b66f-474a-bd74-eeccf9339fde
nvd.nist.gov/vuln/detail/CVE-2021-3977

Detect and mitigate CVE-2021-3977 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →