4 matches found
GHSA-VMH4-322V-CFPC Cross-Site Scripting in cmmn-js-properties-panel
Versions of cmmn-js-properties-panel prior to 0.8.0 are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize input in specially configured diagrams, which may allow attackers to inject arbitrary JavaScript in the embedding website. Recommendation Upgrade to version 0.8.0 or later...
Cross-Site Scripting in cmmn-js-properties-panel
Versions of cmmn-js-properties-panel prior to 0.8.0 are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize input in specially configured diagrams, which may allow attackers to inject arbitrary JavaScript in the embedding website. Recommendation Upgrade to version 0.8.0 or later...
Cross-site Scripting (XSS)
cmmn-js-properties-panel is vulnerable to cross-site scripting XSS. The vulnerability exists through the lack of sanitization of HTML links...
Cross-Site Scripting
Overview Versions of cmmn-js-properties-panel prior to 0.8.0 are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize input in specially configured diagrams, which may allow attackers to inject arbitrary JavaScript in the embedding website. Recommendation Upgrade to version 0.8.0...