GMS-2015-2: HTML Injection

January 22, 2015

Because the /topic command in messages is unescaped, attackers have the ability to inject HTML scripts that will run in the victim’s browser.

References

github.com/erming/shout/pull/344

Detect and mitigate GMS-2015-2 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →