Cross-Site Scripting

2019-07-17T21:39:17
ID NODEJS:1081
Type nodejs
Reporter Unknown
Modified 2019-07-25T18:17:10

Description

Overview

Versions of dmn-js-properties-panel prior to 0.8.0 are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize input in specially configured diagrams, which may allow attackers to inject arbitrary JavaScript in the embedding website.

Recommendation

Upgrade to version 0.3.0 or later.

References