CVE-2017-16022: Cross-site Scripting

June 4, 2018 (updated October 9, 2019)

In Morris, when control over the labels is obtained, script can be injected. The script will run on the client side whenever that specific graph is loaded.

References

nvd.nist.gov/vuln/detail/CVE-2017-16022

Detect and mitigate CVE-2017-16022 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →