Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ3Y3ctNXF3Mi04N21w
fuelux vulnerable to Cross-Site Scripting in Pillbox feature
Affected versions of fuelux contain a cross-site scripting vulnerability in the Pillbox feature. By supplying a script as a value for a new pillbox, it is possible to cause arbitrary script execution.
Recommendation
Update to version 3.15.7 or later.
Permalink: https://github.com/advisories/GHSA-fwcw-5qw2-87mpJSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ3Y3ctNXF3Mi04N21w
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 4 years ago
Updated: about 2 years ago
Identifiers: GHSA-fwcw-5qw2-87mp, CVE-2016-1000235
References:
- https://github.com/ExactTarget/fuelux/issues/1841
- https://github.com/ExactTarget/fuelux/pull/1856
- https://www.npmjs.com/advisories/133
- https://nvd.nist.gov/vuln/detail/CVE-2016-1000235
- https://github.com/advisories/GHSA-fwcw-5qw2-87mp
Blast Radius: 0.0
Affected Packages
npm:fuelux
Dependent packages: 10Dependent repositories: 102
Downloads: 7,666 last month
Affected Version Ranges: < 3.15.7
Fixed in: 3.15.7
All affected versions: 3.9.0, 3.10.0, 3.11.0, 3.11.1, 3.11.2, 3.11.3, 3.11.4, 3.11.5, 3.12.0, 3.13.0, 3.13.1, 3.14.0, 3.14.1, 3.14.2, 3.15.0, 3.15.1, 3.15.2, 3.15.3, 3.15.4, 3.15.5, 3.15.6
All unaffected versions: 3.15.7, 3.15.8, 3.15.9, 3.15.10, 3.15.11, 3.15.12, 3.15.13, 3.16.0, 3.16.1, 3.16.2, 3.16.4, 3.16.5, 3.16.6, 3.17.0, 3.17.1, 3.17.2