2 matches found
@nextcloud/vue (>=2.1.0 <=2.7.0) potentially affected by CVE-2021-29438 via @nextcloud/dialogs (>=1.4.0 <=2.0.1)
@nextcloud/dialogs NPM version =1.4.0, =2.1.0, =2.7.0 Source cves: CVE-2021-29438 Source advisory: OSV:GHSA-G3FQ-3V3G-MH32...
CVE-2021-29438 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in @nextcloud/dialogs
The Nextcloud dialogs library npm package @nextcloud/dialogs before 3.1.2 insufficiently escaped text input passed to a toast. If your application displays toasts with user-supplied input, this could lead to a XSS vulnerability. The vulnerability has been patched in version 3.1.2 If you need to...