4 matches found
CVE-2023-40024
ScanCode.io is a server to script and automate software composition analysis pipelines. In the /license/ endpoint, the detailed view key is not properly validated and sanitized, which can result in a potential cross-site scripting (XSS) vulnerability when attempting to access a detailed license vie...
CVE-2023-40024 Reflected Cross-Site Scripting (XSS) in scancode.io license endpoint
ScanCode.io is a server to script and automate software composition analysis pipelines. In the /license/ endpoint, the detailed view key is not properly validated and sanitized, which can result in a potential cross-site scripting (XSS) vulnerability when attempting to access a detailed license vie...
CVE-2023-40024 Reflected Cross-Site Scripting (XSS) in scancode.io license endpoint
ScanCode.io is a server to script and automate software composition analysis pipelines. In the /license/ endpoint, the detailed view key is not properly validated and sanitized, which can result in a potential cross-site scripting (XSS) vulnerability when attempting to access a detailed license vie...
CVE-2023-40024
ScanCode.io (server for software composition analysis) is affected by a reflected XSS in the /license/ endpoint. The vulnerability arises from inadequate validation/sanitization of the license key in license_details_view, allowing an attacker to inject script content that is echoed in the respons...