https://db.gcve.eu/sightings/feed 2026-06-06T21:51:14.166982+00:00 Vulnerability-Lookup info@gcve.eu python-feedgen Contains only the most 10 recent sightings. https://db.gcve.eu/sighting/f5dde7c6-899c-4f07-8e86-620be27af786/export 2026-06-06T21:51:14.506246+00:00 cedric https://db.gcve.eu/user/cedric {"uuid": "f5dde7c6-899c-4f07-8e86-620be27af786", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-40024", "type": "seen", "source": "https://t.me/cibsecurity/68489", "content": "\u203c CVE-2023-40024 \u203c\n\nScanCode.io is a server to script and automate software composition analysis pipelines. In the `/license/` endpoint, the detailed view key is not properly validated and sanitized, which can result in a potential cross-site scripting (XSS) vulnerability when attempting to access a detailed license view that does not exist. Attackers can exploit this vulnerability to inject malicious scripts into the response generated by the `license_details_view` function. When unsuspecting users visit the page, their browsers will execute the injected scripts, leading to unauthorized actions, session hijacking, or stealing sensitive information. This issue has been addressed in release `32.5.2`. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-15T00:19:52.000000Z"} 2023-08-15T00:19:52+00:00