GHSA-9qgh-7pgp-hp7r

Опубликовано: 03 сент. 2020

Источник: github

Github: Прошло ревью

Описание

Cross-Site Scripting in graylog-web-interface

All versions of graylog-web-interface are vulnerable to Cross-Site Scripting (XSS). The package fails to escape output on the TypeAhead and QueryInput components, which may allow attackers to execute arbitrary JavaScript on the victim's browser.

Recommendation

No fix is currently available. Consider using an alternative package until a fix is made available.

Ссылки

https://www.npmjs.com/advisories/1028

Пакеты

Наименование

graylog-web-interface

npm

Затронутые версииВерсия исправления

>= 0.0.0

Отсутствует

Дефекты

CWE-79

Дефекты

CWE-79