3 matches found
CVE-2021-32859
The Baremetrics date range picker is a solution for selecting both date ranges and single dates from a single calender view. Versions 1.0.14 and prior are prone to cross-site scripting XSS when handling untrusted placeholder entries. An attacker who is able to influence the field placeholder when...
vue2-baremetrics-calendar (>=0.1.0 <=1.6.1) potentially affected by CVE-2021-32859 via baremetrics-calendar (=1.0.14)
baremetrics-calendar NPM version =1.0.14 is affected by a known vulnerability. The following packages have a transitive dependency on baremetrics-calendar and may be impacted: - vue2-baremetrics-calendar =0.1.0, =1.6.1 Source cves: CVE-2021-32859 Source advisory: OSV:GHSA-465F-MXXH-GRC4...
CVE-2021-32859
CVE-2021-32859 affects the Baremetrics date range picker (Calendar) up to version 1.0.14. The vulnerability arises from improper handling of untrusted placeholder values in Calendar.js, allowing an attacker to inject arbitrary HTML/JavaScript that renders in a user’s context (XSS). The connected ...