GHSA-fwcw-5qw2-87mp

Опубликовано: 01 сент. 2020

Источник: github

Github: Прошло ревью

Описание

fuelux vulnerable to Cross-Site Scripting in Pillbox feature

Affected versions of fuelux contain a cross-site scripting vulnerability in the Pillbox feature. By supplying a script as a value for a new pillbox, it is possible to cause arbitrary script execution.

Recommendation

Update to version 3.15.7 or later.

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2016-1000235
https://github.com/ExactTarget/fuelux/issues/1841
https://github.com/ExactTarget/fuelux/pull/1856
https://www.npmjs.com/advisories/133

Пакеты

Наименование

fuelux

npm

Затронутые версииВерсия исправления

< 3.15.7

3.15.7

CVE ID

CVE-2016-1000235

Дефекты

CWE-79

Связанные уязвимости

CVE-2016-1000235

debian

Описание отсутствует

CVE ID

CVE-2016-1000235

Дефекты

CWE-79