2 matches found
CVE-2022-1330
stored xss due to unsantized anchor url in GitHub repository alvarotrigo/fullpage.js prior to 4.0.4. stored xss...
Cross-site Scripting (XSS)
fullpage.js is vulnerable to cross-site scripting. Lack of sanitization of anchor URL before putting it in anchor href in alvarotrigo/fullpage.js allows an attacker to inject malicious javascript...