timelinejs3 is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject and execute arbitrary Javascript in a user’s browser via unprotected Google Sheets or a JSON configuration file.
CPE | Name | Operator | Version |
---|---|---|---|
timelinejs3 | eq | 3.4.0 | |
timelinejs3 | le | 3.6.6 |