A vulnerability classified as problematic has been found in Webdetails cpf up to 9.5.0.0-80. Affected is an unknown function of the file core/src/main/java/pt/webdetails/cpf/packager/DependenciesPackage.java. The manipulation of the argument baseUrl leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 9.5.0.0-81 is able to address this issue. The name of the patch is 3bff900d228e8cae3af256b447c5d15bdb03c174. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216468.
The product does not ensure or incorrectly ensures that structured messages or data are well-formed and that certain security properties are met before being read from an upstream component or sent to a downstream component.
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
| Link | Tags |
|---|---|
| https://github.com/siwapp/siwapp-ror/pull/365 | not applicable |
| https://github.com/webdetails/cpf/releases/tag/9.5.0.0-81 | third party advisory release notes |
| https://github.com/webdetails/cpf/commit/3bff900d228e8cae3af256b447c5d15bdb03c174 | third party advisory patch |
| https://vuldb.com/?id.216468 | vdb entry third party advisory |