3 matches found
CVE-2020-7747
This affects all versions of package lightning-server. It is possible to inject malicious JavaScript code as part of a session controller...
CVE-2020-7747
CVE-2020-7747 – Cross-site Scripting in lightning-server (session controller) . Several connected sources confirm that lightning-server is vulnerable to XSS across all versions, allowing injection of malicious JavaScript via the session controller. A PoC demonstrates posting a crafted payload in ...
CVE-2020-7747 Cross-site Scripting (XSS)
This affects all versions of package lightning-server. It is possible to inject malicious JavaScript code as part of a session controller...