CVE-2023-23277 Information

Description

Snippet-box 1.0.0 is vulnerable to Cross Site Scripting (XSS). Remote attackers can render arbitrary web script or HTML from the \Snippet code\ form field.

Reference

https://github.com/go-compile/security-advisories/blob/master/CVE-2023-23277.pdf https://github.com/pawelmalak/snippet-box https://github.com/pawelmalak/snippet-box/issues/57