2 matches found
Cross-site Scripting (XSS)
Overview unhead is a Full-stack manager built for any framework. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the streamKey configuration parameter on the streaming server-side. An attacker can execute arbitrary JavaScript code in the context of the rendered pa...
Cross-site Scripting (XSS)
Overview org.webjars.npm:unhead is a Full-stack manager built for any framework. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the acceptDataAttrs function, which allows attribute names containing spaces or illegal characters to be injected into SSR-rendered HTM...