https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Fri, 05 Jun 2026 22:55:20 +0000 https://vulnerability.circl.lu/sighting/a40415d9-1dfa-43e7-9a57-cd21a2e6dafb/export {"uuid": "a40415d9-1dfa-43e7-9a57-cd21a2e6dafb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2023-40024", "type": "published-proof-of-concept", "source": "https://github.com/aboutcode-org/scancode.io/security/advisories/GHSA-6xcx-gx7r-rccj", "content": "", "creation_timestamp": "2023-08-14T08:00:10.000000Z"} {"uuid": "a40415d9-1dfa-43e7-9a57-cd21a2e6dafb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2023-40024", "type": "published-proof-of-concept", "source": "https://github.com/aboutcode-org/scancode.io/security/advisories/GHSA-6xcx-gx7r-rccj", "content": "", "creation_timestamp": "2023-08-14T08:00:10.000000Z"} https://vulnerability.circl.lu/sighting/a40415d9-1dfa-43e7-9a57-cd21a2e6dafb/export Mon, 14 Aug 2023 08:00:10 +0000 https://vulnerability.circl.lu/sighting/f5dde7c6-899c-4f07-8e86-620be27af786/export {"uuid": "f5dde7c6-899c-4f07-8e86-620be27af786", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40024", "type": "seen", "source": "https://t.me/cibsecurity/68489", "content": "\u203c CVE-2023-40024 \u203c\n\nScanCode.io is a server to script and automate software composition analysis pipelines. In the `/license/` endpoint, the detailed view key is not properly validated and sanitized, which can result in a potential cross-site scripting (XSS) vulnerability when attempting to access a detailed license view that does not exist. Attackers can exploit this vulnerability to inject malicious scripts into the response generated by the `license_details_view` function. When unsuspecting users visit the page, their browsers will execute the injected scripts, leading to unauthorized actions, session hijacking, or stealing sensitive information. This issue has been addressed in release `32.5.2`. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-15T00:19:52.000000Z"} {"uuid": "f5dde7c6-899c-4f07-8e86-620be27af786", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40024", "type": "seen", "source": "https://t.me/cibsecurity/68489", "content": "\u203c CVE-2023-40024 \u203c\n\nScanCode.io is a server to script and automate software composition analysis pipelines. In the `/license/` endpoint, the detailed view key is not properly validated and sanitized, which can result in a potential cross-site scripting (XSS) vulnerability when attempting to access a detailed license view that does not exist. Attackers can exploit this vulnerability to inject malicious scripts into the response generated by the `license_details_view` function. When unsuspecting users visit the page, their browsers will execute the injected scripts, leading to unauthorized actions, session hijacking, or stealing sensitive information. This issue has been addressed in release `32.5.2`. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-15T00:19:52.000000Z"} https://vulnerability.circl.lu/sighting/f5dde7c6-899c-4f07-8e86-620be27af786/export Tue, 15 Aug 2023 00:19:52 +0000