Description
All versions of status-board are vulnerable to Cross-Site Scripting. The renderJsDashboard() function concatenates the safeDashboard variable to the HTTP response message with insufficient sanitization. If this variable is controlled by user input it may allow attackers to execute arbitrary JavaScript in a victim’s browser.
Recommendation
Update the status-board package to the latest compatible version. Followings are version details:
- Affected version(s): < 1.1.82
- Patched version(s): 1.1.82
References
Related Issues
- PrismJS DOM Clobbering vulnerability - CVE-2024-53382
- Server-Side Request Forgery in axios - CVE-2024-39338
- DOS by abusing `fetchOptions.retry`. - CVE-2023-49800
- Prototype Pollution in querystringify - Vulnerability
- Tags:
- npm
- status-board
Anything's wrong? Let us know Last updated on January 09, 2023