Description
Versions of status-board prior to 1.1.82 are vulnerable to Cross-Site Scripting. The renderDashboard() function concatenates the safeDashboard variable into the printed error message with insufficient sanitization. If this variable is controlled by user input, an attacker can execute arbitrary JavaScript in a victim’s browser.
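The pattern described above, as an added example that is not the status-board source: a request-derived value concatenated into an error message, beside the same message with output encoding, and a check that can be used in a unit test. The message template and every name except `safeDashboard` are assumptions, and the sample inputs are constructed.

```javascript
// Added illustration; not code from the status-board package.
// The error template and helper names are hypothetical.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode every character that can change the HTML parsing context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the value reaches the markup unencoded.
function renderDashboardErrorUnsafe(safeDashboard) {
  return '<p class="error">Dashboard "' + safeDashboard + '" not found</p>';
}

// Hardened pattern: same message, value encoded at the output boundary.
function renderDashboardErrorSafe(safeDashboard) {
  return '<p class="error">Dashboard "' + escapeHtml(safeDashboard) +
    '" not found</p>';
}

// Regression check: does rendering this input add tags beyond the
// fixed template? Compares tag openers against a benign baseline.
function introducesMarkup(render, input) {
  const tagCount = (html) => (html.match(/<[a-zA-Z\/!]/g) || []).length;
  return tagCount(render(input)) !== tagCount(render('x'));
}

// Constructed sample inputs (not taken from the advisory).
const SAMPLES = [
  'main',
  '<script>alert(1)</script>',
  '"><img src=x onerror=alert(1)>',
  'a & b',
];

// One row per sample: whether each renderer let new markup through.
function report() {
  return SAMPLES.map((input) => ({
    input,
    unsafe: introducesMarkup(renderDashboardErrorUnsafe, input),
    safe: introducesMarkup(renderDashboardErrorSafe, input),
  }));
}

console.table(report());
```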
Recommendation
Update the status-board package to the latest compatible version. Version details:
- Affected version(s): < 1.1.82
- Patched version(s): 1.1.82
References
Related Issues
- Cross-Site Scripting in status-board - CVE-2019-15478
- Materialize-css vulnerable to Cross-site Scripting in tooltip component (GHSA-98f7-p5rc-jx67) - CVE-2019-11002
- Materialize-css vulnerable to Cross-site Scripting in autocomplete component (GHSA-7752-f4gf-94gc) - CVE-2019-11003
- Materialize-css vulnerable to Cross-site Scripting in tooltip component - CVE-2019-11002
Tags: npm, status-board
Last updated on March 31, 2023