Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg5d3IteHI0ci02NmZo
Cross-Site Scripting in dmn-js-properties-panel
Versions of dmn-js-properties-panel
prior to 0.8.0 are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize input in specially configured diagrams, which may allow attackers to inject arbitrary JavaScript in the embedding website.
Recommendation
Upgrade to version 0.3.0 or later.
Permalink: https://github.com/advisories/GHSA-h9wr-xr4r-66fhJSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg5d3IteHI0ci02NmZo
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 4 years ago
Updated: almost 2 years ago
Identifiers: GHSA-h9wr-xr4r-66fh
References: Blast Radius: 0.0
Affected Packages
npm:dmn-js-properties-panel
Dependent packages: 11Dependent repositories: 32
Downloads: 13,667 last month
Affected Version Ranges: < 0.3.0
Fixed in: 0.3.0
All affected versions: 0.1.0, 0.1.1, 0.1.2, 0.2.0
All unaffected versions: 0.3.0, 0.3.1, 0.3.2, 0.3.3, 0.3.4, 0.3.5, 0.4.0, 0.5.0, 0.6.0, 0.6.1, 0.6.2, 0.7.0, 1.0.0, 1.1.0, 1.1.1, 1.1.2, 1.2.0, 1.2.1, 1.2.2, 1.3.0, 1.3.1, 1.3.2, 2.0.0, 3.0.0, 3.1.0, 3.2.0, 3.2.1, 3.3.0, 3.3.1, 3.3.2, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.5.2