Описание
Cross-Site Scripting in bpmn-js-properties-panel
Versions of bpmn-js-properties-panel prior to 0.31.0 are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize input in specially configured diagrams, which may allow attackers to inject arbitrary JavaScript in the embedding website.
Recommendation
Upgrade to version 0.31.0 or later.
Пакеты
Наименование
bpmn-js-properties-panel
npm
Затронутые версииВерсия исправления
< 0.31.0
0.31.0
Дефекты
CWE-79
Дефекты
CWE-79