CVE-2020-18699: Lin-CMS-Flask Cross Site Scripting (XSS) vulnerability

May 24, 2022 (updated September 30, 2024)

Cross Site Scripting (XSS) in Lin-CMS-Flask v0.1.1 allows remote attackers to execute arbitrary code by entering scripts in the the ‘Username’ parameter of the in component ‘app/api/cms/user.py’.

References

github.com/TaleLin/lin-cms-flask
github.com/TaleLin/lin-cms-flask/issues/28
github.com/advisories/GHSA-rvf8-c35m-8289
github.com/pypa/advisory-database/tree/main/vulns/lin-cms/PYSEC-2021-340.yaml
nvd.nist.gov/vuln/detail/CVE-2020-18699

Detect and mitigate CVE-2020-18699 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →