GHSA-4xr4-89m5-46c7
Suggest an improvement- Source
- https://github.com/advisories/GHSA-4xr4-89m5-46c7
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/04/GHSA-4xr4-89m5-46c7/GHSA-4xr4-89m5-46c7.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-4xr4-89m5-46c7
- Aliases
- Published
- 2023-04-20T06:30:17Z
- Modified
- 2023-11-08T04:11:04.896201Z
- Severity
-
- 3.5 (Low) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N CVSS Calculator
- Summary
- eslint-detailed-reporter vulnerable to cross-site scripting
- Details
-
A vulnerability was found in mportuga eslint-detailed-reporter up to 0.9.0 and classified as problematic. Affected by this issue is the function renderIssue in the library lib/template-generator.js. The manipulation of the argument message leads to cross site scripting. The attack may be launched remotely. The name of the patch is 505c190efd4905990db6207863bdcbd9b1d7e1bd. It is recommended to apply a patch to fix this issue. VDB-226310 is the identifier assigned to this vulnerability.
- Database specific
{ "github_reviewed_at": "2023-04-20T20:34:40Z", "cwe_ids": [ "CWE-79" ], "nvd_published_at": "2023-04-20T06:15:07Z", "severity": "LOW", "github_reviewed": true }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2022-4942
- https://github.com/mportuga/eslint-detailed-reporter/pull/46
- https://github.com/mportuga/eslint-detailed-reporter/commit/505c190efd4905990db6207863bdcbd9b1d7e1bd
- https://github.com/mportuga/eslint-detailed-reporter
- https://vuldb.com/?ctiid.226310
- https://vuldb.com/?id.226310
Affected packages
npm / eslint-detailed-reporter
Package
- Name
- eslint-detailed-reporter
- View open source insights on deps.dev
- Purl
- pkg:npm/eslint-detailed-reporter