GHSA-crfx-5phg-hmw9

Опубликовано: 13 июн. 2019

Источник: github

Github: Прошло ревью

Описание

Cross-Site Scripting in ids-enterprise

Versions of ids-enterprise prior to 4.18.2 are vulnerable to Cross-Site Scripting (XSS). Script tags in the soho-autocomplete component are not properly encoded and may allow attackers to execute arbitrary JavaScript.

Recommendation

Upgrade to version 4.18.2 or later

Ссылки

https://github.com/infor-design/enterprise-ng/issues/502
https://github.com/infor-design/enterprise/commit/ce7b335bb614a6720867abf5b8eb351deb13aed1
https://www.npmjs.com/advisories/955

Пакеты

Наименование

ids-enterprise

npm

Затронутые версииВерсия исправления

< 4.18.2

4.18.2

Дефекты

CWE-79

Дефекты

CWE-79