CVE-2024-37156: TokenController formName not sanitized in hidden input
The formName GET parameter of TokenController is not sanitized before it is placed in the returned hidden input field, which leads to XSS.
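The pattern described above, as an added illustration that is not the affected project's code: a request parameter interpolated into a hidden input, beside a hardened form and a parser-based regression check. The function names, the use of the name attribute, the allowlist pattern and the sample payload are assumptions made for this example.

```python
import html
import re
from html.parser import HTMLParser

# Assumed policy for this example: form names are short identifiers.
FORM_NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")


def render_token_field_unsafe(form_name: str, token: str) -> str:
    """'Before' form: formName is concatenated into the attribute unescaped."""
    return f'<input type="hidden" name="{form_name}" value="{token}">'


def render_token_field_safe(form_name: str, token: str) -> str:
    """Reject names outside the allowlist, then escape for attribute context."""
    if not FORM_NAME_RE.fullmatch(form_name):
        raise ValueError("invalid formName")
    name = html.escape(form_name, quote=True)
    value = html.escape(token, quote=True)
    return f'<input type="hidden" name="{name}" value="{value}">'


class _TagCollector(HTMLParser):
    """Records every start tag and its attributes found in a fragment."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))


def is_single_hidden_input(markup: str) -> bool:
    """Regression check: the fragment must parse to exactly one hidden input
    carrying only the type, name and value attributes."""
    parser = _TagCollector()
    parser.feed(markup)
    parser.close()
    if len(parser.tags) != 1:
        return False
    tag, attrs = parser.tags[0]
    return (tag == "input"
            and set(attrs) == {"type", "name", "value"}
            and attrs["type"] == "hidden")
```

Parsing the response rather than string-matching it catches any value that changes the element structure, which makes the check usable as a test on the endpoint's output after the fix is applied.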
What kind of vulnerability is it? Who is impacted?