Description
A cross-site scripting (XSS) vulnerability in CesiumJS v1.111 allows attackers to execute arbitrary code in the context of the victim’s browser by sending a crafted payload to /container_files/public_html/doc/index.html. NOTE: the vendor’s position is that Apps/Sandcastle/standalone.
Recommendation
No fix is available yet. The following versions are affected:
- <= 1.111.0
References
Related Issues
- Cross-Site-Scripting attack on `<RichTextField>` (GHSA-5jcr-82fh-339v) - CVE-2023-25572
- Vega Expression Language `scale` expression function Cross Site Scripting (GHSA-4vq7-882g-wcg4) - CVE-2023-26486
- Vega Expression Language `scale` expression function Cross Site Scripting - CVE-2023-26486
- Vega has Cross-site Scripting vulnerability in `lassoAppend` function (GHSA-w5m3-xh75-mp55) - CVE-2023-26487
Tags:
- npm
- cesium
Last updated on December 19, 2023