status-board is vulnerable to cross-site scripting (XSS). The displayed error message is not sanitized and would allow remote attackers to inject arbitrary Javascript into a victim’s browser through the safeDashboardName
parameter.
CPE | Name | Operator | Version |
---|---|---|---|
status-board | le | 1.2.0-beta.35 |