Lucene search
Cameron LonsdaleNODEJS:1150HistorySep 05, 2019 - 9:42 p.m.
Cross-Site Scripting
2019-09-0521:42:41
Cameron Lonsdale
www.npmjs.com
9
0.001 Low
EPSS
Percentile
34.0%
Overview
All versions of status-board are vulnerable to Cross-Site Scripting. The renderDashboard() function concatenates the safeDashboard variable to the printed error message with insufficient sanitization. If this variable is controlled by user input it allows attackers to execute arbitrary JavaScript in a victim’s browser.
Recommendation
No fix is currently available. Consider using an alternative package until a fix is made available.
References
| CPE | Name | Operator | Version |
|---|---|---|---|
| status-board | ge | 0.0.0 |
Related
nvd
nvd
CVE-2019-15479
2019-08-26 14:15:10
cve
cve
CVE-2019-15479
2019-08-26 14:15:10
osv
osv
CVE-2019-15479
2019-08-26 14:15:10
Status Board vulnerable to Cross-Site Scripting before v1.1.82
2019-09-23 18:32:42
cvelist
cvelist
CVE-2019-15479
2019-08-26 13:49:16
prion
prion
Cross site scripting
2019-08-26 14:15:00
cnvd
cnvd
Status Board Cross-Site Scripting Vulnerability
2019-08-27 00:00:00
githubexploit
githubexploit
Exploit for Cross-site Scripting in Status Board Project Status Board
2020-12-01 09:18:57
veracode
veracode
Cross-Site Scripting (XSS)
2019-08-27 03:35:37
github
github
Status Board vulnerable to Cross-Site Scripting before v1.1.82
2019-09-23 18:32:42