Disclosure Date 2023/06/04

CVE-2023-32766

Cross-site Scripting in Gipod

GitpodにおけるXSS (クロスサイトスクリプティング)

Credit

RyotaK

Description

Gitpod before 2022.11.3 allows XSS because redirection can occur for some protocols outside of the trusted set of three (vscode: vscode-insiders: jetbrains-gateway:).

Back