Description
cd-messenger through 2.7.26 is vulnerable to Arbitrary Code Execution. User input provided to the color argument executed by the eval function resulting in code execution.
Recommendation
No fix is available yet. Followings are affected versions:
- <= 2.7.26
References
Related Issues
- jsPDF Denial of Service (DoS) - CVE-2025-57810
- MailDev Remote Code Execution - CVE-2024-27448
- vxe-table prototype pollution - CVE-2024-57080
- Cross-Site Scripting in jquery - CVE-2020-7656
- Tags:
- npm
- cd-messenger
Anything's wrong? Let us know Last updated on February 01, 2023