CVE-2023-0488: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

January 26, 2023 (updated February 7, 2023)

Cross-site Scripting (XSS) - Stored in GitHub repository pyload/pyload prior to 0.5.0b3.dev42.

References

github.com/advisories/GHSA-wcm6-wv95-7jw6
github.com/pyload/pyload/commit/46d75a3087f3237d06530d55998938e2e2bda6bd
huntr.dev/bounties/4311d8d7-682c-4f2a-b92c-3f9f1a36255a
nvd.nist.gov/vuln/detail/CVE-2023-0488

Detect and mitigate CVE-2023-0488 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →