Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ5cjMtM2g5Ni1yd2o2
Cross-Site Scripting in ids-enterprise
Versions of ids-enterprise prior to 4.18.2 are vulnerable to Cross-Site Scripting (XSS). The soho-dropdown component does not properly encode its output and may allow attackers to execute arbitrary JavaScript.
Recommendation
Upgrade to version 4.18.2 or later
Permalink: https://github.com/advisories/GHSA-49r3-3h96-rwj6JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ5cjMtM2g5Ni1yd2o2
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: almost 5 years ago
Updated: over 1 year ago
Identifiers: GHSA-49r3-3h96-rwj6
References:
- https://github.com/infor-design/enterprise-ng/issues/503
- https://github.com/infor-design/enterprise/commit/6bd74d8f38c268b22f31e8169316e065e0093362
- https://www.npmjs.com/advisories/956
- https://github.com/advisories/GHSA-49r3-3h96-rwj6
Blast Radius: 0.0
Affected Packages
npm:ids-enterprise
Dependent packages: 4Dependent repositories: 13
Downloads: 13,716 last month
Affected Version Ranges: < 4.18.2
Fixed in: 4.18.2
All affected versions: 4.7.0, 4.8.0, 4.9.0, 4.10.0, 4.11.0, 4.12.0, 4.12.1, 4.13.0, 4.14.0, 4.15.0, 4.16.0, 4.16.1, 4.16.2, 4.17.0, 4.17.1, 4.18.0, 4.18.1
All unaffected versions: 4.18.2, 4.19.0, 4.19.1, 4.19.2, 4.19.3, 4.19.4, 4.20.0, 4.20.1, 4.21.0, 4.21.1, 4.21.2, 4.21.3, 4.22.0, 4.22.1, 4.23.0, 4.24.0, 4.25.0, 4.25.1, 4.25.2, 4.25.3, 4.26.0, 4.26.1, 4.26.2, 4.27.0, 4.27.1, 4.27.2, 4.27.3, 4.27.4, 4.27.5, 4.27.6, 4.28.0, 4.28.1, 4.28.2, 4.28.3, 4.28.4, 4.28.5, 4.29.0, 4.29.1, 4.29.2, 4.29.3, 4.30.0, 4.30.1, 4.31.0, 4.31.1, 4.31.2, 4.31.3, 4.31.4, 4.31.5, 4.32.0, 4.32.1, 4.32.2, 4.33.0, 4.33.1, 4.33.2, 4.34.0, 4.34.1, 4.34.2, 4.34.3, 4.35.0, 4.35.1, 4.35.2, 4.35.3, 4.35.4, 4.36.0, 4.36.1, 4.36.2, 4.37.0, 4.37.1, 4.37.2, 4.37.3, 4.38.0, 4.38.1, 4.50.0, 4.50.1, 4.50.2, 4.50.3, 4.50.4, 4.51.0, 4.51.1, 4.51.3, 4.51.4, 4.52.0, 4.52.1, 4.52.2, 4.52.3, 4.52.4, 4.53.0, 4.53.1, 4.53.2, 4.53.3, 4.53.4, 4.53.5, 4.54.0, 4.54.1, 4.54.2, 4.54.3, 4.55.0, 4.55.1, 4.55.2, 4.55.3, 4.56.0, 4.57.0, 4.57.1, 4.57.2, 4.58.0, 4.58.1, 4.58.2, 4.58.3, 4.59.0, 4.59.1, 4.59.2, 4.59.3, 4.59.4, 4.60.0, 4.60.1, 4.60.2, 4.60.3, 4.61.0, 4.61.1, 4.61.2, 4.62.0, 4.62.1, 4.62.2, 4.62.3, 4.62.4, 4.62.5, 4.62.6, 4.62.7, 4.63.0, 4.63.1, 4.63.2, 4.63.3, 4.63.4, 4.64.0, 4.64.1, 4.64.2, 4.64.3, 4.64.4, 4.64.5, 4.64.6, 4.65.0, 4.65.1, 4.65.2, 4.65.3, 4.65.4, 4.65.5, 4.65.6, 4.65.7, 4.66.0, 4.67.0, 4.67.1, 4.67.2, 4.67.3, 4.67.4, 4.67.5, 4.67.6, 4.68.0, 4.68.1, 4.68.2, 4.68.3, 4.68.4, 4.68.5, 4.69.0, 4.70.0, 4.80.0, 4.80.1, 4.80.2, 4.80.3, 4.80.4, 4.80.5, 4.80.6, 4.81.0, 4.81.1, 4.82.0, 4.82.1, 4.83.0, 4.83.1, 4.84.0, 4.84.1, 4.84.2, 4.84.3, 4.84.4, 4.84.5, 4.84.6, 4.84.7, 4.84.8, 4.84.9, 4.84.10, 4.84.11, 4.84.12, 4.84.13, 4.85.0, 4.86.0, 4.87.0, 4.88.0, 4.88.1, 4.88.2, 4.89.0, 4.90.0, 4.90.1, 4.90.3, 4.90.4, 4.91.0, 4.91.1, 4.92.0, 4.92.1, 4.92.2, 4.92.3, 4.92.4, 4.92.5, 4.92.6, 4.92.7, 4.93.0, 4.93.1, 4.93.2, 4.94.0, 4.94.1, 4.94.2