GMS-2016-128: Cross-Site Scripting

December 22, 2016

This package is vulnerable to Cross-Site Scripting (XSS). When a label is rendered, the contents of the label element were not escaped.

References

github.com/OneGov/onegov.form/commit/abce4e1ca620de244460f005f9d2412683552f30
github.com/wtforms/wtforms/issues/315

Detect and mitigate GMS-2016-128 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →