GHSA-8864-rhmw-5m6f

Опубликовано: 23 сент. 2019

Источник: github

Github: Прошло ревью

CVSS3: 6.1

Описание

Status Board vulnerable to Cross-Site Scripting before v1.1.82

Versions of status-board prior to 1.1.82 are vulnerable to Cross-Site Scripting. The renderDashboard() function concatenates the safeDashboard variable to the printed error message with insufficient sanitization. If this variable is controlled by user input it allows attackers to execute arbitrary JavaScript in a victim's browser.

Recommendation

Upgrade to version 1.1.82 to receive a patch.

Ссылки

Пакеты

Наименование

status-board

npm

Затронутые версииВерсия исправления

< 1.1.82

1.1.82

EPSS

Процентиль: 47%

0.0024

Низкий

6.1 Medium

CVSS3

CVE ID

CVE-2019-15479

Дефекты

CWE-79

Связанные уязвимости

CVE-2019-15479

CVSS3: 6.1

nvd

больше 6 лет назад

Status Board 1.1.81 has reflected XSS via dashboard.ts.

EPSS

Процентиль: 47%

0.0024

Низкий

6.1 Medium

CVSS3

CVE ID

CVE-2019-15479

Дефекты

CWE-79