Lucene search
GoogleOSV:GHSA-8864-RHMW-5M6FHistorySep 23, 2019 - 6:32 p.m.
Status Board vulnerable to Cross-Site Scripting before v1.1.82
2019-09-2318:32:42
Google
osv.dev
7
0.001 Low
EPSS
Percentile
34.0%
Versions of status-board prior to 1.1.82 are vulnerable to Cross-Site Scripting. The renderDashboard() function concatenates the safeDashboard variable to the printed error message with insufficient sanitization. If this variable is controlled by user input it allows attackers to execute arbitrary JavaScript in a victim’s browser.
Recommendation
Upgrade to version 1.1.82 to receive a patch.
| CPE | Name | Operator | Version |
|---|---|---|---|
| status-board | lt | 1.1.82 |
Related
nvd
nvd
CVE-2019-15479
2019-08-26 14:15:10
cve
cve
CVE-2019-15479
2019-08-26 14:15:10
nodejs
nodejs
Cross-Site Scripting
2019-09-05 21:42:41
osv
osv
CVE-2019-15479
2019-08-26 14:15:10
cvelist
cvelist
CVE-2019-15479
2019-08-26 13:49:16
prion
prion
Cross site scripting
2019-08-26 14:15:00
cnvd
cnvd
Status Board Cross-Site Scripting Vulnerability
2019-08-27 00:00:00
githubexploit
githubexploit
Exploit for Cross-site Scripting in Status Board Project Status Board
2020-12-01 09:18:57
veracode
veracode
Cross-Site Scripting (XSS)
2019-08-27 03:35:37
github
github
Status Board vulnerable to Cross-Site Scripting before v1.1.82
2019-09-23 18:32:42