Versions of cyberchef
prior to 8.31.3 are vulnerable to Cross-Site Scripting. In Text Encoding Brute Force
the table rows are created by concatenating the value
variable unsanitized in the HTML code. If this variable is controlled by user input it allows attackers to execute arbitrary JavaScript in a victim’s browser.
Upgrade to version 8.31.3 or later.
github.com/gchq/CyberChef/commit/01f0625d6a177f9c5df9281f12a27c814c2d8bcf
github.com/gchq/CyberChef/compare/v8.31.1...v8.31.2
github.com/gchq/CyberChef/issues/539
github.com/gchq/CyberChef/issues/544
nvd.nist.gov/vuln/detail/CVE-2019-15532
snyk.io/vuln/SNYK-JS-CYBERCHEF-460296
www.npmjs.com/advisories/1149