CVE-2024-27609: Bonita cross-site scripting vulnerability
(updated )
Bonita before 10.1.0.W11 allows stored XSS via a UI screen in the administration panel.
References
- documentation.bonitasoft.com/bonita/latest/release-notes
- github.com/advisories/GHSA-8vj9-5v5q-fhch
- github.com/bonitasoft/bonita-engine
- github.com/bonitasoft/bonita-engine/commit/15dc60a99d97f9407b5089ba26f792cf3bd87f6b
- github.com/bonitasoft/bonita-engine/commit/26b24690a80dce11c0a4fa38ea54aeb35ca1e541
- github.com/bonitasoft/bonita-engine/commit/2c84ea1a76f7e7f345c334645e46428e9376b0c9
- github.com/bonitasoft/bonita-engine/commit/90469adf2b0ebf33f4c65b583f5c96284c8c1086
- nvd.nist.gov/vuln/detail/CVE-2024-27609
Code Behaviors & Features
Detect and mitigate CVE-2024-27609 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →