Cross-Site Scripting in status-board

2019-09-23T18:32:54
ID GHSA-6M4R-CGM3-6Q7Q
Type github
Reporter GitHub Advisory Database
Modified 2020-08-31T18:49:09

Description

All versions of status-board are vulnerable to Cross-Site Scripting. The renderJsDashboard() function concatenates the safeDashboard variable to the HTTP response message with insufficient sanitization. If this variable is controlled by user input it may allow attackers to execute arbitrary JavaScript in a victim's browser.

Recommendation

No fix is currently available. Consider using an alternative package until a fix is made available.