CVE-2019-13234: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

November 12, 2019 (updated August 18, 2021)

In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the search engine.

References

aetsu.github.io/OpenCms
github.com/advisories/GHSA-fxp8-7h5w-h235
github.com/alkacon/apollo-template/commits/branch_10_5_x
nvd.nist.gov/vuln/detail/CVE-2019-13234

Code Behaviors & Features

Detect and mitigate CVE-2019-13234 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →