4 matches found
@adelosrios/plugin-dependencytrack (>=0.2.8 <=0.2.9), @apresti12/plugin-argocd-autopilot (=0.2.1) +184 more potentially affected by CVE-2023-25571 via @backstage/core-components (>=0.0.0-nightly-20220310022859 <=0.11.2)
@backstage/core-components NPM version =0.0.0-nightly-20220310022859, =0.2.8, =0.1.3, =0.0.0-nightly-2022122206, =0.0.0-nightly-2021533445, =0.0.0-nightly-20240929023448, =0.0.0-nightly-20230927021302, =0.0.0-nightly-20251125024456, =0.0.0-nightly-2021242250, =0.0.0-nightly-20231223021142,...
CVE-2023-25571 Backstage has XSS Vulnerability in Software Catalog
Backstage is an open platform for building developer portals. @backstage/catalog-model prior to version 1.2.0, @backstage/core-components prior to 0.12.4, and @backstage/plugin-catalog-backend prior to 1.7.2 are affected by a cross-site scripting vulnerability. This vulnerability allows a malicio...
CVE-2023-25571 Backstage has XSS Vulnerability in Software Catalog
Backstage is an open platform for building developer portals. @backstage/catalog-model prior to version 1.2.0, @backstage/core-components prior to 0.12.4, and @backstage/plugin-catalog-backend prior to 1.7.2 are affected by a cross-site scripting vulnerability. This vulnerability allows a malicio...
CVE-2023-25571
CVE-2023-25571 affects Backstage components: @backstage/catalog-model <1.2.0, @backstage/core-components <0.12.4, and @backstage/plugin-catalog-backend