CVE-2021-39391: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

September 15, 2021 (updated October 6, 2021)

Cross Site Scripting (XSS) vulnerability exists in the admin panel in Beego v2.0.1 via the URI path in an HTTP request, which is activated by administrators viewing the “Request Statistics” page.

References

github.com/advisories/GHSA-c77f-4rgj-jfr4
github.com/beego/beego/issues/4727
nvd.nist.gov/vuln/detail/CVE-2021-39391

Code Behaviors & Features

Detect and mitigate CVE-2021-39391 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →