Описание
Cross-Site Scripting in ids-enterprise
Versions of ids-enterprise prior to 4.18.2 are vulnerable to Cross-Site Scripting (XSS). The modal component fails to sanitize input to the title attribute, which may allow attackers to execute arbitrary JavaScript.
Recommendation
Upgrade to version 4.18.2 or later
Пакеты
Наименование
ids-enterprise
npm
Затронутые версииВерсия исправления
< 4.18.2
4.18.2
Дефекты
CWE-79
Дефекты
CWE-79