https://db.gcve.eu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Sat, 06 Jun 2026 21:51:12 +0000 https://db.gcve.eu/sighting/f5dde7c6-899c-4f07-8e86-620be27af786/export {"uuid": "f5dde7c6-899c-4f07-8e86-620be27af786", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-40024", "type": "seen", "source": "https://t.me/cibsecurity/68489", "content": "\u203c CVE-2023-40024 \u203c\n\nScanCode.io is a server to script and automate software composition analysis pipelines. In the `/license/` endpoint, the detailed view key is not properly validated and sanitized, which can result in a potential cross-site scripting (XSS) vulnerability when attempting to access a detailed license view that does not exist. Attackers can exploit this vulnerability to inject malicious scripts into the response generated by the `license_details_view` function. When unsuspecting users visit the page, their browsers will execute the injected scripts, leading to unauthorized actions, session hijacking, or stealing sensitive information. This issue has been addressed in release `32.5.2`. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-15T00:19:52.000000Z"} {"uuid": "f5dde7c6-899c-4f07-8e86-620be27af786", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-40024", "type": "seen", "source": "https://t.me/cibsecurity/68489", "content": "\u203c CVE-2023-40024 \u203c\n\nScanCode.io is a server to script and automate software composition analysis pipelines. In the `/license/` endpoint, the detailed view key is not properly validated and sanitized, which can result in a potential cross-site scripting (XSS) vulnerability when attempting to access a detailed license view that does not exist. Attackers can exploit this vulnerability to inject malicious scripts into the response generated by the `license_details_view` function. When unsuspecting users visit the page, their browsers will execute the injected scripts, leading to unauthorized actions, session hijacking, or stealing sensitive information. This issue has been addressed in release `32.5.2`. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-15T00:19:52.000000Z"} https://db.gcve.eu/sighting/f5dde7c6-899c-4f07-8e86-620be27af786/export Tue, 15 Aug 2023 00:19:52 +0000