Description
A Cross Site Scripting (XSS) vulnerability exists in Nacos 2.0.3 in auth/users via the (1) pageSize and (2) pageNo parameters.
Remediation
References
https://github.com/alibaba/nacos/issues/7359
Related Vulnerabilities
CVE-2021-21141 Vulnerability in maven package org.webjars.npm:electron
CVE-2021-23343 Vulnerability in npm package path-parse
CVE-2022-28150 Vulnerability in maven package com.synopsys.jenkinsci:ownership
CVE-2023-46731 Vulnerability in maven package org.xwiki.platform:xwiki-platform-administration-ui
CVE-2023-26128 Vulnerability in npm package keep-module-latest