EPSS Percentile: 41.5%
lightning-server is vulnerable to cross-site scripting (XSS). An attacker can inject and execute a malicious script in a user’s browser via an error message in the session controller’s addData function.
github.com/lightning-viz/lightning/blob/master/app/controllers/session.js
github.com/lightning-viz/lightning/blob/master/app/controllers/session.js%23L230
github.com/lightning-viz/lightning/blob/v1.3.0/app/controllers/session.js#L230