Missing output sanitization in test sources in org.webjars.bowergithub.vaadin:vaadin-menu-bar versions 1.0.0 through 1.2.0 (Vaadin 14.0.0 through 14.4.4) allows remote attackers to execute malicious JavaScript in browser by opening crafted URL
{ "source": "DESCRIPTION", "extracted_events": [ { "introduced": "14.0.0" }, { "fixed": "14.4.4" } ] }
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-33611.json"
{ "extracted_events": [ { "introduced": "1.0.0" }, { "fixed": "1.2.0" } ], "source": "DESCRIPTION" }