CVE-2020-7741
CVE-2020-7741 affects the package hellojs (hello.js) before version 1.18.6. The vulnerability arises because the code reads the url parameter oauth_redirect and assigns it to location.assign without validation or sanitisation, allowing an attacker to inject an XSS payload (e.g., javascript:alert(...