3 matches found
@csnext/cs-timeline (>=0.0.101-beta.22 <=0.0.132-beta.446), @net7/components (>=3.0.2-rc.2 <=4.3.2) +10 more potentially affected by CVE-2020-28487 via vis-timeline (>=5.1.0 <=7.4.2)
vis-timeline NPM version =5.1.0, =0.0.101-beta.22, =3.0.2-rc.2, =1.2.0, =8.0.0, =2.0.0, =1.3.0, =3.0.0, =1.0.0, =0.0.6, =0.1.0, =0.3.0 Source cves: CVE-2020-28487 Source advisory: OSV:GHSA-9MRV-456V-PF22...
CVE-2020-28487
The CVE-2020-28487 entry affects vis-timeline (prior to 7.4.4). Affected component: Timeline items data; root cause is the ability to control Timeline items which allows injection of script code into the generated application, resulting in cross-site scripting (XSS). Impact per sources is that an...
@csnext/cs-timeline (>=0.0.101-beta.22 <=0.0.132-beta.446), @net7/components (>=3.0.2-rc.2 <=4.3.2) +4 more potentially affected by CVE-2020-28487 via vis-timeline (>=7.1.3 <=7.4.2)
vis-timeline NPM version =7.1.3, =0.0.101-beta.22, =3.0.2-rc.2, =2.0.0, =1.3.0, =3.1.1-build1667201258, =3.1.2-build1667201375 Source cves: CVE-2020-28487 Source advisory: SNYK:JS-VISTIMELINE-1063500...