CVE-2023-25309: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

May 11, 2023 (updated May 20, 2023)

Cross Site Scripting (XSS) Vulnerability in Fetlife rollout-ui version 0.5, allows attackers to execute arbitrary code via a crafted url to the delete a feature functionality.

References

fetlife.com/
rollout-ui.com/
cxsecurity.com/issue/WLB-2023050012
nvd.nist.gov/vuln/detail/CVE-2023-25309
packetstormsecurity.com/files/172185/Rollout-UI-0.5-Cross-Site-Scripting.html

Detect and mitigate CVE-2023-25309 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →