GHSA-8864-rhmw-5m6f

Source

https://github.com/advisories/GHSA-8864-rhmw-5m6f

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/09/GHSA-8864-rhmw-5m6f/GHSA-8864-rhmw-5m6f.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-8864-rhmw-5m6f

Aliases

CVE-2019-15479

Published

2019-09-23T18:32:42Z

Modified

2023-11-08T04:01:13.125998Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

Status Board vulnerable to Cross-Site Scripting before v1.1.82

Details

Versions of status-board prior to 1.1.82 are vulnerable to Cross-Site Scripting. The renderDashboard() function concatenates the safeDashboard variable to the printed error message with insufficient sanitization. If this variable is controlled by user input it allows attackers to execute arbitrary JavaScript in a victim's browser.

Recommendation

Upgrade to version 1.1.82 to receive a patch.

Database specific

{
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed_at": "2019-09-19T15:16:08Z",
    "github_reviewed": true,
    "nvd_published_at": null
}

References

Affected packages

npm / status-board

Package

Name: status-board; View open source insights on deps.dev
Purl: pkg:npm/status-board

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.82