CVE-2022-1811: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

May 23, 2022 (updated June 27, 2023)

Unrestricted Upload of File with Dangerous Type in GitHub repository publify/publify prior to 9.2.9.

References

github.com/publify/publify/commit/0fb6b027fbaf17f6a6551f2148482a03eac12927
huntr.dev/bounties/4d97f665-c9f1-4c38-b774-692255a7c44c
nvd.nist.gov/vuln/detail/CVE-2022-1811

Detect and mitigate CVE-2022-1811 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →