Описание
Cross-site Scripting in fullpage.js
using fullpage.js you can create a anchor tag . But when put href in anchor then it does not sanitize the url which allow for a break in the context of anchor element and can add our new element.
Пакеты
Наименование
fullpage.js
npm
Затронутые версииВерсия исправления
< 4.0.5
4.0.5
Связанные уязвимости
CVSS3: 5.4
nvd
почти 4 года назад
stored xss due to unsantized anchor url in GitHub repository alvarotrigo/fullpage.js prior to 4.0.4. stored xss .