com.att.nsa:msgrtr (=0.0.5), com.causecode.plugins:mongo-update-embedded (>=0.0.3 <=1.0.0) +86 more potentially affected by CVE-2019-12728 via org.grails:grails-core (>=1.1 <=3.3.1)

org.grails:grails-core MAVEN version =1.1, =0.0.3, =0.4, =5.0.0.RC1, =1.0.0.GA, =6.0.0.RC1, =1.0.0.GA, =5.0.0.RC1, =3.0.0, =3.0.0, =1.1, =1.0.2.RELEASE, =1.0.0-M01, =6.1.0.RELEASE and more Source cves: CVE-2019-12728 Source advisory: OSV:GHSA-PMXF-4V8C-RWR7...

com.att.nsa:msgrtr (=0.0.5), com.causecode.plugins:mongo-update-embedded (>=0.0.3 <=1.0.0) +86 more potentially affected by CVE-2018-1000529 via org.grails:grails-core (>=1.1 <=3.3.3)

org.grails:grails-core MAVEN version =1.1, =0.0.3, =0.4, =5.0.0.RC1, =1.0.0.GA, =6.0.0.RC1, =1.0.0.GA, =5.0.0.RC1, =3.0.0, =3.0.0, =1.1, =1.0.2.RELEASE, =1.0.0-M01, =6.1.0.RELEASE and more Source cves: CVE-2018-1000529 Source advisory: OSV:GHSA-Q25J-GCMV-5QPP...

Cross-site Scripting (XSS)

Grails-core is vulnerable to cross-site scripting XSS attacks through the default error handler. The default error handler does not sanitize user-input values when displaying an error, allowing an attacker to inject arbitrary Javascript code into a victim's browser...