Ecosyste.ms: Advisories

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM1M3gtd3d4Mi1wZzk2

Cross-Site Scripting in @berslucas/liljs

Versions of @berslucas/liljs prior to 1.0.2 are vulnerable to Cross-Site Scripting (XSS). The package uses the unsafe innerHTML function without sanitizing input, which may allow attackers to execute arbitrary JavaScript on the victim's browser.

Recommendation

Upgrade to version 1.0.2 or later.

Permalink: https://github.com/advisories/GHSA-c53x-wwx2-pg96
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM1M3gtd3d4Mi1wZzk2
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 4 years ago
Updated: almost 2 years ago

CVSS Score: 6.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Identifiers: GHSA-c53x-wwx2-pg96
References:

• https://snyk.io/vuln/SNYK-JS-BERSLUCASLILJS-450217
• https://www.npmjs.com/advisories/1016
• https://github.com/bersLucas/liljs/pull/7
• https://github.com/bersLucas/liljs/commit/779c0dcd8aba434a1c94db7d1d2d990a629f9a6c
• https://github.com/bersLucas/liljs/releases/tag/1.0.2
• https://github.com/advisories/GHSA-c53x-wwx2-pg96

Repository: https://github.com/bersLucas/liljs
Blast Radius: 1.0

Affected Packages