EPSS: 0.002 (Low), Percentile: 55.1%
hellojs is vulnerable to cross-site scripting (XSS). An attacker is able to inject and execute arbitrary JavaScript code via the oauth_redirect parameter in the URL.
github.com/MrSwitch/hello.js/blob/3b79ec93781b3d7b9c0b56f598e060301d1f3e73/dist/hello.all.js#L1545
github.com/MrSwitch/hello.js/commit/d6f5137f30de6e0ef7048191ee6ae575fdc2f669