EPSS
Percentile
22.7%
@nextcloud/dialogs is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject and execute arbitrary Javascript in a user’s browser via a toast message.
github.com/advisories/GHSA-g3fq-3v3g-mh32
github.com/nextcloud/nextcloud-dialogs/pull/328
github.com/nextcloud/nextcloud-dialogs/security/advisories/GHSA-g3fq-3v3g-mh32
www.npmjs.com/package/@nextcloud/dialogs