All versions of status-board
are vulnerable to Cross-Site Scripting. The renderDashboard()
function concatenates the safeDashboard
variable to the printed error message with insufficient sanitization. If this variable is controlled by user input it allows attackers to execute arbitrary JavaScript in a victim’s browser.
No fix is currently available. Consider using an alternative package until a fix is made available.
CPE | Name | Operator | Version |
---|---|---|---|
status-board | ge | 0.0.0 |