CVE-2017-1000426: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

May 13, 2022 (updated July 26, 2023)

MapProxy version 1.10.3 and older is vulnerable to a Cross Site Scripting attack in the demo service resulting in possible information disclosure.

References

github.com/advisories/GHSA-g4rw-82hq-8jpr
github.com/mapproxy/mapproxy/commit/420412aad45171e05752007a0a2350c03c28dfd8
github.com/mapproxy/mapproxy/commit/436c8f489761d1b4ee22b2440b53cc96bbc28aea
github.com/mapproxy/mapproxy/issues/322
nvd.nist.gov/vuln/detail/CVE-2017-1000426

Detect and mitigate CVE-2017-1000426 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →