CVE-2022-30874: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

June 21, 2022 (updated September 13, 2022)

There is a Cross Site Scripting Stored (XSS) vulnerability in NukeViet CMS before 4.5.02.

References

github.com/advisories/GHSA-pm37-5j5m-6cvw
github.com/nukeviet/nukeviet/commit/1f328bb8cd256f88bd45fc3ec5a50ae951da2501
nukeviet.vn/vi/news/Tin-tuc/thong-bao-phat-hanh-nukeviet-4-5-02-708.html
nvd.nist.gov/vuln/detail/CVE-2022-30874

Code Behaviors & Features

Detect and mitigate CVE-2022-30874 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →