Description
Cross-Site Scripting in console-feed
Versions of console-feed prior to 2.8.10 are vulnerable to Cross-Site Scripting (XSS). The package fails to properly escape the rendered output. If an application uses console-feed and a malicious JavaScript payload is passed to a console.log('%_', payload) call, the package renders HTML containing the malicious payload.
Recommendation
Upgrade to version 2.8.10 or later.
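To confirm that no copy of the package older than 2.8.10 remains after upgrading, including copies nested under other dependencies, the lockfile can be checked. This is an added example, not part of the advisory or the console-feed project; it assumes an npm lockfile with a "packages" map (lockfileVersion 2 or 3), and the sample lockfile is constructed.

```javascript
// Added example: list console-feed installs older than the fixed release
// 2.8.10 in an npm lockfile (lockfileVersion 2/3 "packages" map).
const FIXED = [2, 8, 10];
const PKG = "console-feed";

// Parse "major.minor.patch"; returns null when the string is not a version.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

// True when the version sorts strictly below the fixed release.
function isAffected(version) {
  const parts = parseVersion(version);
  if (!parts) return true; // unparseable version: flag for manual review
  for (let i = 0; i < 3; i++) {
    if (parts[i] !== FIXED[i]) return parts[i] < FIXED[i];
  }
  // Same numbers as the fix: a pre-release such as 2.8.10-beta sorts below it.
  return /^\d+\.\d+\.\d+-/.test(String(version));
}

// Return [{path, version}] for every affected copy, nested ones included.
function findAffected(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // The package name is whatever follows the last "node_modules/".
    if (path.split("node_modules/").pop() !== PKG) continue;
    if (isAffected(meta.version)) hits.push({ path, version: meta.version });
  }
  return hits;
}

// Constructed sample lockfile fragment (not from a real project).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/console-feed": { version: "2.8.10" },
    "node_modules/some-widget/node_modules/console-feed": { version: "2.8.9" },
    "node_modules/console-feed-extras": { version: "1.0.0" },
  },
};

console.log(findAffected(sampleLock));
```

For a real project, replace sampleLock with the parsed contents of package-lock.json.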
Packages
Name: console-feed (npm)
Affected versions: < 2.8.10
Fixed version: 2.8.10
Weaknesses
CWE-79