2 matches found
@abp/aspnetcore.mvc.ui.theme.basic (>=0.2.1 <=9.1.3), @abp/aspnetcore.mvc.ui.theme.leptonxlite (>=1.0.0 <=4.1.3) +424 more potentially affected by unknown CVE via toastr (>=2.0.4 <=2.1.4)
toastr NPM version =2.0.4, =0.2.1, =1.0.0, =0.2.3, =4.4.0, =0.3.0, =1.1.0, =1.1.0, =1.1.0, =1.0.1-alpha.0, =1.0.9, =0.5.0, =0.0.1, =1.0.0, =1.0.6 - @bycore/aspnetcore.mvc.ui.theme.basic =3.0.5-beta - @bycore/aspnetcore.mvc.ui.theme.shared =3.0.5-beta and more Source cves: unknown CVE Source...
Cross-site Scripting (XSS)
Overview toastr is a Javascript library for non-blocking notifications. jQuery is required. The goal is to create a simple core library that can be customized and extended Affected versions of this package are vulnerable to Cross-site Scripting XSS due to the missing sanitization of message and...