DevOps Articles

Curated articles, resources, tips and trends from the DevOps World.

XSS Vulnerability Discovered in Backstage Software Catalog

2 years ago thenewstack.io

Summary: This is a summary of an article originally published by The New Stack.

Backstage (https://backstage.io/), the open source internal developer portal created by Spotify (https://thenewstack.io/how-spotlify-adopted-platform-engineering-culture/), has been adopted by American Airlines, Fidelity Investments, Netflix, VMware (https://tanzu.vmware.com?utm_content=inline-mention) and other enterprises. In mid-February, an XSS vulnerability (https://nvd.nist.gov/vuln/detail/CVE-2023-25571) was discovered in the Backstage (https://thenewstack.io/spotifys-backstage-a-strategic-guide/) Software Catalog, which could allow an attacker to inject malicious code into the application. The vulnerability is caused by insufficient input validation of user-supplied data, specifically in the search functionality of the catalog.

As a result, an attacker can inject malicious scripts into the page that will execute in the browser of anyone who visits the affected page.

This can prevent attackers from executing malicious scripts or injecting malicious code into a page.
