Description
Cross-Site Scripting in jingo
Versions of jingo prior to 1.9.2 are vulnerable to Cross-Site Scripting (XSS). If malicious input such as <script>alert(1)</script> is placed in the content of a wiki page, Jingo does not properly encode the input and it is executed instead of rendered as text.
Recommendation
Upgrade to version 1.9.2
Packages
Name: jingo (npm)
Affected versions: < 1.9.2
Fixed version: 1.9.2
Weaknesses
CWE-79