CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Percentile: 33.2%
scancodeio is vulnerable to Cross-site Scripting (XSS). The vulnerability exists because the key parameter handled in licenses.py is not sanitized, which allows an attacker to inject and execute malicious JavaScript through the /license/ endpoint.
github.com/nexB/scancode.io/blob/dd7769fbc97c84545579cebf1dc4838214098a11/CHANGELOG.rst#v3252-2023-08-14
github.com/nexB/scancode.io/commit/ed5a48f655bef5b5d1a300ffc600b6826eb775ec
github.com/nexB/scancode.io/issues/847
github.com/nexB/scancode.io/pull/849
github.com/nexB/scancode.io/security/advisories/GHSA-6xcx-gx7r-rccj