Описание
This affects the package vis-timeline before 7.4.4. An attacker with the ability to control the items of a Timeline element can inject additional script code into the generated application.
Ссылки
- Issue TrackingThird Party Advisory
- PatchThird Party Advisory
- ExploitPatchThird Party Advisory
- ExploitPatchThird Party Advisory
- ExploitPatchThird Party Advisory
- Issue TrackingThird Party Advisory
- PatchThird Party Advisory
- ExploitPatchThird Party Advisory
- ExploitPatchThird Party Advisory
- ExploitPatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 7.4.4 (исключая)
cpe:2.3:a:visjs:vis-timeline:*:*:*:*:*:node.js:*:*
EPSS
Процентиль: 66%
0.00517
Низкий
6.8 Medium
CVSS3
6 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
EPSS
Процентиль: 66%
0.00517
Низкий
6.8 Medium
CVSS3
6 Medium
CVSS2
Дефекты
CWE-79