CVE-2022-3245: Improper Control of Generation of Code ('Code Injection')

September 21, 2022

HTML injection attack is closely related to Cross-site Scripting (XSS). HTML injection uses HTML to deface the page. XSS, as the name implies, injects JavaScript into the page. Both attacks exploit insufficient validation of user input.

References

github.com/advisories/GHSA-gm8c-w9cm-c445
github.com/microweber/microweber/commit/f20abf30a1d9c1426c5fb757ac63998dc5b92bfc
huntr.dev/bounties/747c2924-95ca-4311-9e69-58ee0fb440a0
nvd.nist.gov/vuln/detail/CVE-2022-3245

Detect and mitigate CVE-2022-3245 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →