CVE-2023-50100: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

December 14, 2023 (updated December 15, 2023)

JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via carousel image editing.

References

github.com/Jarvis-616/cms/blob/master/There%20is%20a%20storage%20type%20XSS%20for%20carousel%20image%20editing.md
github.com/advisories/GHSA-3hf6-f8ch-5869
nvd.nist.gov/vuln/detail/CVE-2023-50100

Detect and mitigate CVE-2023-50100 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →