GHSA-MF22-92PM-M8P8 Cross site scripting in @awsui/components-react

Impact Components could potentially allow cross-site scripting XSS in certain circumstances. These components could render content without adequate neutralization. Patches Fixed in 3.0.367...

Cross-site Scripting (XSS)

@awsui/components-react is vulnerable to cross-site scripting. An attacker can inject and execute malicious javascript as the library does not properly sanitize the user input...

CVE-2022-24709 Cross site scripting in @awsui/components-react

@awsui/components-react is the main AWS UI package which contains React components, with TypeScript definitions designed for user interface development. Multiple components in versions before 3.0.367 have been found to not properly neutralize user input and may allow for javascript injection. Use...

CVE-2022-24709

The CVE-2022-24709 entry concerns @awsui/components-react (the AWS UI React component library). Affected versions before 3.0.367 fail to properly neutralize user input, which may permit JavaScript injection (XSS) when rendering content. The issue has been characterized across multiple sources as ...