3 matches found
EUVD-2018-0192
Malware in sbrugna...
Cross-Site Scripting in @risingstack/protect
All versions of @risingstack/protect are vulnerable to Cross-Site Scripting. The isXss XSS validator has several bypasses that may allow attackers to execute arbitrary JavaScript in a victim's browser. Recommendation: No fix is currently available. Consider using an alternative package. The packag...
mercenary-core (>=2.19.0 <=2.62.3) potentially affected by CVE-2018-1000160 via @risingstack/protect (>=1.0.0 <=1.2.0)
@risingstack/protect NPM version =1.0.0, =2.19.0, =2.62.3 Source cves: CVE-2018-1000160 Source advisory: OSV:GHSA-VPCH-RXW3-FGX8...