Описание
Cross-Site Scripting in forms
Affected versions of forms do not properly escape HTML in generated forms, which may result in cross-site scripting.
Recommendation
Update to version 1.3.0 or later.
Пакеты
Наименование
forms
npm
Затронутые версииВерсия исправления
< 1.3.0
1.3.0
Связанные уязвимости
CVSS3: 6.1
nvd
больше 7 лет назад
Forms is a library for easily creating HTML forms. Versions before 1.3.0 did not have proper html escaping. This means that if the application did not sanitize html on behalf of forms, use of forms may be vulnerable to cross site scripting