Lucene search
GoogleOSV:GHSA-9MRV-456V-PF22HistoryApr 13, 2021 - 3:19 p.m.
Cross-site Scripting in vis-timeline
2021-04-1315:19:50
Google
osv.dev
12
security
vis-timeline
vulnerability
script injection
software
EPSS
0.001
Percentile
49.9%
This affects the package vis-timeline before 7.4.4.
An attacker with the ability to control the items of a Timeline element can inject additional script code into the generated application.
References
github.com/visjs/vis-timeline/commit/a7ca349c7b3b6080efd05776ac77bb27176d4d3f
github.com/visjs/vis-timeline/issues/838
github.com/visjs/vis-timeline/pull/840
nvd.nist.gov/vuln/detail/CVE-2020-28487
snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBVISJS-1063502
snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1063501
snyk.io/vuln/SNYK-JS-VISTIMELINE-1063500
Related
cve
cve
CVE-2020-28487
2021-01-22 18:15:12
osv
osv
CVE-2020-28487
2021-01-22 18:15:12
nvd
nvd
CVE-2020-28487
2021-01-22 18:15:12
prion
prion
Design/Logic Flaw
2021-01-22 18:15:00
veracode
veracode
Cross-Site Scripting (XSS)
2021-01-25 06:33:12
cvelist
cvelist
CVE-2020-28487 Cross-site Scripting (XSS)
2021-01-22 17:15:20
github
github
Cross-site Scripting in vis-timeline
2021-04-13 15:19:50