CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-40024

ScanCode.io is a server to script and automate software composition analysis pipelines. In the `/license/` endpoint, the detailed view key is not properly validated and sanitized, which can result in a potential cross-site scripting (XSS) vulnerability when attempting to access a detailed license view that does not exist. Attackers can exploit this vulnerability to inject malicious scripts into the response generated by the `license_details_view` function. When unsuspecting users visit the page, their browsers will execute the injected scripts, leading to unauthorized actions, session hijacking, or stealing sensitive information. This issue has been addressed in release `32.5.2`. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 63.9%

CVSS Severity

CVSS v3 Score 5.4

References

Products affected by CVE-2023-40024

Nexb » Scancode.io » Version: 1.0.0

cpe:2.3:a:nexb:scancode.io:1.0.0
Nexb » Scancode.io » Version: 1.0.1

cpe:2.3:a:nexb:scancode.io:1.0.1
Nexb » Scancode.io » Version: 1.0.2

cpe:2.3:a:nexb:scancode.io:1.0.2
Nexb » Scancode.io » Version: 1.0.3

cpe:2.3:a:nexb:scancode.io:1.0.3
Nexb » Scancode.io » Version: 1.0.4

cpe:2.3:a:nexb:scancode.io:1.0.4
Nexb » Scancode.io » Version: 1.0.5

cpe:2.3:a:nexb:scancode.io:1.0.5
Nexb » Scancode.io » Version: 1.0.6

cpe:2.3:a:nexb:scancode.io:1.0.6
Nexb » Scancode.io » Version: 1.0.7

cpe:2.3:a:nexb:scancode.io:1.0.7
Nexb » Scancode.io » Version: 1.1.0

cpe:2.3:a:nexb:scancode.io:1.1.0
Nexb » Scancode.io » Version: 21.4.14

cpe:2.3:a:nexb:scancode.io:21.4.14
Nexb » Scancode.io » Version: 21.4.28

cpe:2.3:a:nexb:scancode.io:21.4.28
Nexb » Scancode.io » Version: 21.4.5

cpe:2.3:a:nexb:scancode.io:21.4.5
Nexb » Scancode.io » Version: 21.5.12

cpe:2.3:a:nexb:scancode.io:21.5.12
Nexb » Scancode.io » Version: 21.6.10

cpe:2.3:a:nexb:scancode.io:21.6.10
Nexb » Scancode.io » Version: 21.8.2

cpe:2.3:a:nexb:scancode.io:21.8.2
Nexb » Scancode.io » Version: 21.9.6

cpe:2.3:a:nexb:scancode.io:21.9.6
Nexb » Scancode.io » Version: 30.0.0

cpe:2.3:a:nexb:scancode.io:30.0.0
Nexb » Scancode.io » Version: 30.0.1

cpe:2.3:a:nexb:scancode.io:30.0.1
Nexb » Scancode.io » Version: 30.1.0

cpe:2.3:a:nexb:scancode.io:30.1.0
Nexb » Scancode.io » Version: 30.1.1

cpe:2.3:a:nexb:scancode.io:30.1.1
Nexb » Scancode.io » Version: 30.2.0

cpe:2.3:a:nexb:scancode.io:30.2.0
Nexb » Scancode.io » Version: 31.0.0

cpe:2.3:a:nexb:scancode.io:31.0.0
Nexb » Scancode.io » Version: 32.0.0

cpe:2.3:a:nexb:scancode.io:32.0.0
Nexb » Scancode.io » Version: 32.0.1

cpe:2.3:a:nexb:scancode.io:32.0.1
Nexb » Scancode.io » Version: 32.1.0

cpe:2.3:a:nexb:scancode.io:32.1.0
Nexb » Scancode.io » Version: 32.2.0

cpe:2.3:a:nexb:scancode.io:32.2.0
Nexb » Scancode.io » Version: 32.3.0

cpe:2.3:a:nexb:scancode.io:32.3.0
Nexb » Scancode.io » Version: 32.4.0

cpe:2.3:a:nexb:scancode.io:32.4.0
Nexb » Scancode.io » Version: 32.5.0

cpe:2.3:a:nexb:scancode.io:32.5.0
Nexb » Scancode.io » Version: 32.5.1

cpe:2.3:a:nexb:scancode.io:32.5.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-40024

Products

Pricing

Contact Us