GMS-2017-330: XSS in class documenting_xmlrpc_server

October 29, 2017

The generateDocs functions does not properly escape the GET parameter methodName.

References

github.com/gggeek/phpxmlrpc-extras/commit/65c336e3def9ce71b3e799104d3a6ad15668ddb0
github.com/gggeek/phpxmlrpc-extras/releases/tag/0.6.1

Code Behaviors & Features

Detect and mitigate GMS-2017-330 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →