Описание
Cross-site scripting in anchorme
All versions of package anchorme are vulnerable to Cross-site Scripting (XSS) via the main functionality.
Ссылки
Пакеты
Наименование
anchorme
npm
Затронутые версииВерсия исправления
<= 2.1.2
Отсутствует
Связанные уязвимости
CVSS3: 5.4
nvd
больше 4 лет назад
Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the main functionality. It accepts input that can result in the output (an anchor a tag) containing undesirable Javascript code that can be executed upon user interaction.