@enonic/semantic-ui-react-form (>=2.1.0 <=2.3.0) potentially affected by CVE-2021-23440 via set-value (=4.0.0)

set-value NPM version =4.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on set-value and may be impacted: - @enonic/semantic-ui-react-form =2.1.0, =2.3.0 Source cves: CVE-2021-23440 Source advisory: OSV:GHSA-4JQC-8M5R-9RPR...

Code injection

Code injection in the /ui/login form Language parameter in Epicentro E7.3.2+ allows attackers to execute JavaScript code by making a user issue a manipulated POST request...