2 matches found
@c12e/cortex-studio-skill-lab-extension (>=0.4.4 <=0.4.7), @dmsi/grid (>=2.0.0 <=9.2.0) +99 more potentially affected by CVE-2017-16009 via ag-grid (>=11.0.0 <=18.1.2)
ag-grid NPM version =11.0.0, =0.4.4, =2.0.0, =1.1.0, =0.1.1, =3.0.0-0, =5.0.0-beta.1, =0.0.24, =5.2.0, =1.0.2-alpha.0, =2.0.0, =0.5.0, =0.2.0-SNAPSHOT.1, =1.0.0, =0.0.44, =0.0.1, =3.0.3 and more
Source cves: CVE-2017-16009
Source advisory: OSV:GHSA-WFW3-RGFR-6G67...
CVE-2017-16009
The CVE-2017-16009 entry affects ag-grid when used with AngularJS, where Angular Expressions can be exploited to trigger Cross-site Scripting (XSS). The vulnerability arises from how AngularJS interacts with ag-grid, enabling injected expressions to run in the context of the page. Several connect...