Description
A vulnerability, which was classified as problematic, was found in generator-hottowel 0.0.11. Affected is an unknown function of the file app/templates/src/server/_app.js of the component 404 Error Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely.
Recommendation
Update the generator-hottowel package to the latest compatible version. Followings are version details:
- Affected version(s): < 0.5.0
- Patched version(s): 0.5.0
References
Related Issues
- Bootstrap Cross-site Scripting vulnerability - CVE-2016-10735
- Bootstrap Cross-site Scripting vulnerability (GHSA-4p24-vmcr-4gqj) - CVE-2016-10735
- Vega has Cross-site Scripting vulnerability in `lassoAppend` function (GHSA-w5m3-xh75-mp55) - CVE-2023-26487
- Vega has Cross-site Scripting vulnerability in `lassoAppend` function - CVE-2023-26487
- Tags:
- npm
- generator-hottowel
Anything's wrong? Let us know Last updated on March 02, 2023