Cross-Site Scripting in htmr

Versions of htmr prior to 0.8.7 are vulnerable to Cross-Site Scripting XSS. The package uses innerHTML to unescape HTML entities. This may lead to DOM-based XSS through HTML-encoded XSS payloads. This may allow an attacker to execute arbitrary JavaScript in a victim's browser. Recommendation...

GHSA-F8RQ-M28H-8HXJ Cross-Site Scripting in htmr

Versions of htmr prior to 0.8.7 are vulnerable to Cross-Site Scripting XSS. The package uses innerHTML to unescape HTML entities. This may lead to DOM-based XSS through HTML-encoded XSS payloads. This may allow an attacker to execute arbitrary JavaScript in a victim's browser. Recommendation...

Cross-Site Scripting

Overview Versions of htmr prior to 0.8.7 are vulnerable to Cross-Site Scripting XSS. The package uses innerHTML to unescape HTML entities. This may lead to DOM-based XSS through HTML-encoded XSS payloads. This may allow an attacker to execute arbitrary JavaScript in a victim's browser...

Cross-site Scripting (XSS)

htmr is vulnerable to cross-site scripting XSS. The vulnerability exists through the improper handling of the value of node.textContent in src/browser.ts...

Node.js third-party modules: [htmr] DOM-based XSS

Hi, I would like to report DOM-based XSS in htmr. It allows attackers to insert malicious JavaScript payload into the page. Module module name: htmr version: 0.8.6 npm page: https://www.npmjs.com/package/htmr Module Description Simple and lightweight Hash: $window.location.hash; 4. Run the server...