Versions of status-board
prior to 1.1.82 are vulnerable to Cross-Site Scripting. The renderDashboard()
function concatenates the safeDashboard
variable to the printed error message with insufficient sanitization. If this variable is controlled by user input it allows attackers to execute arbitrary JavaScript in a victim’s browser.
Upgrade to version 1.1.82 to receive a patch.
CPE | Name | Operator | Version |
---|---|---|---|
status-board | lt | 1.1.82 |