
GHSA-25v4-mcx4-hh35

Published: 04 Sep 2020
Source: github
Github: Reviewed

Description

Cross-Site Scripting in atlasboard-atlassian-package

All versions of atlasboard-atlassian-package prior to 0.4.2 are vulnerable to Cross-Site Scripting (XSS). The package fails to properly sanitize user input that is rendered as HTML, which may allow attackers to execute arbitrary JavaScript in a victim's browser. Exploitation requires that the attacker be able to change issue summaries in Jira tickets.

Recommendation

No fix is currently available. Consider using an alternative package until a fix is made available.

Packages

Name: atlasboard-atlassian-package (npm)
Affected versions: >= 0.0.0
Fixed version: None

Weaknesses

CWE-79
