GHSA-6m4r-cgm3-6q7q

Published: 23 Sep 2019
Source: github
GitHub: Reviewed
CVSS3: 6.1

Description

Cross-Site Scripting in status-board

All versions of status-board are vulnerable to Cross-Site Scripting. The renderJsDashboard() function concatenates the safeDashboard variable to the HTTP response message with insufficient sanitization. If this variable is controlled by user input it may allow attackers to execute arbitrary JavaScript in a victim's browser.

Recommendation

No fix is currently available. Consider using an alternative package until a fix is made available.

Packages

Name: status-board (npm)
Affected versions: < 1.1.82
Fixed version: 1.1.82

EPSS

Percentile: 47%
0.0024
Low

6.1 Medium

CVSS3

Weaknesses

CWE-79

Related vulnerabilities

CVSS3: 6.1
nvd
more than 6 years ago

Status Board 1.1.81 has reflected XSS via logic.ts.
