EPSS Percentile: 39.4%
Central Dogma is vulnerable to cross-site scripting (XSS). It does not escape the arg.message parameter in error notification messages, allowing an attacker to inject arbitrary script through it.
jvn.jp/en/jp/JVN94889214/index.html
github.com/line/centraldogma/commit/25fcbbd098f69236b115f27c6b6de6b4e44f3103
github.com/line/centraldogma/pull/422
github.com/line/centraldogma/releases/tag/centraldogma-0.41.0