EUVD-2021-0806

Malware in sbrugna...

@csnext/cs-timeline (>=0.0.101-beta.22 <=0.0.132-beta.446), @net7/components (>=3.0.2-rc.2 <=4.3.2) +10 more potentially affected by CVE-2020-28487 via vis-timeline (>=5.1.0 <=7.4.2)

vis-timeline NPM version =5.1.0, =0.0.101-beta.22, =3.0.2-rc.2, =1.2.0, =8.0.0, =2.0.0, =1.3.0, =3.0.0, =1.0.0, =0.0.6, =0.1.0, =0.3.0 Source cves: CVE-2020-28487 Source advisory: OSV:GHSA-9MRV-456V-PF22...

GHSA-9MRV-456V-PF22 Cross-site Scripting in vis-timeline

This affects the package vis-timeline before 7.4.4. An attacker with the ability to control the items of a Timeline element can inject additional script code into the generated application...

Cross-site Scripting in vis-timeline

This affects the package vis-timeline before 7.4.4. An attacker with the ability to control the items of a Timeline element can inject additional script code into the generated application...

Cross-Site Scripting (XSS)

vis-timeline is vulnerable to cross-site scripting. An attacker is able to inject malicious code into the innerHTML property element...

CVE-2020-28487

This affects the package vis-timeline before 7.4.4. An attacker with the ability to control the items of a Timeline element can inject additional script code into the generated application...

CVE-2020-28487

This affects the package vis-timeline before 7.4.4. An attacker with the ability to control the items of a Timeline element can inject additional script code into the generated application...

CVE-2020-28487

The CVE-2020-28487 entry affects vis-timeline (prior to 7.4.4). Affected component: Timeline items data; root cause is the ability to control Timeline items which allows injection of script code into the generated application, resulting in cross-site scripting (XSS). Impact per sources is that an...

CVE-2020-28487 Cross-site Scripting (XSS)

This affects the package vis-timeline before 7.4.4. An attacker with the ability to control the items of a Timeline element can inject additional script code into the generated application...

Visjs Vis-timeline Cross-Site Scripting Vulnerability

Visjs Vis-timeline is a Javascript-based codebase for generating 2D interactive timelines from the Egyptian Visjs community. It supports free movement and scaling of the timeline by dragging and scrolling in the timeline. Items can be created, edited and deleted in the timeline. The time scale on...

Cross-site Scripting (XSS)

Overview vis-timeline is a Timeline/Graph2D is an interactive visualization chart to visualize data in time Affected versions of this package are vulnerable to Cross-site Scripting XSS. An attacker with the ability to control the items of a Timeline element can inject additional script code into...

@csnext/cs-timeline (>=0.0.101-beta.22 <=0.0.132-beta.446), @net7/components (>=3.0.2-rc.2 <=4.3.2) +4 more potentially affected by CVE-2020-28487 via vis-timeline (>=7.1.3 <=7.4.2)

vis-timeline NPM version =7.1.3, =0.0.101-beta.22, =3.0.2-rc.2, =2.0.0, =1.3.0, =3.1.1-build1667201258, =3.1.2-build1667201375 Source cves: CVE-2020-28487 Source advisory: SNYK:JS-VISTIMELINE-1063500...