Описание
Cross-site Scripting in tempura
This affects the package tempura before 0.4.0. If the input to the esc function is of type object (i.e an array) it is returned without being escaped/sanitized, leading to a potential Cross-Site Scripting vulnerability.
Пакеты
Наименование
tempura
npm
Затронутые версииВерсия исправления
< 0.4.0
0.4.0
Связанные уязвимости
CVSS3: 5.4
nvd
больше 4 лет назад
This affects the package tempura before 0.4.0. If the input to the esc function is of type object (i.e an array) it is returned without being escaped/sanitized, leading to a potential Cross-Site Scripting vulnerability.