GHSA-49r3-3h96-rwj6

Опубликовано: 13 июн. 2019

Источник: github

Github: Прошло ревью

Описание

Cross-Site Scripting in ids-enterprise

Versions of ids-enterprise prior to 4.18.2 are vulnerable to Cross-Site Scripting (XSS). The soho-dropdown component does not properly encode its output and may allow attackers to execute arbitrary JavaScript.

Recommendation

Upgrade to version 4.18.2 or later

Ссылки

https://github.com/infor-design/enterprise-ng/issues/503
https://github.com/infor-design/enterprise/commit/6bd74d8f38c268b22f31e8169316e065e0093362
https://www.npmjs.com/advisories/956

Пакеты

Наименование

ids-enterprise

npm

Затронутые версииВерсия исправления

< 4.18.2

4.18.2

Дефекты

CWE-79

Дефекты

CWE-79