EPSS percentile: 29.9%
@backstage/plugin-auth-backend is vulnerable to cross-site scripting (XSS). The vulnerability exists in makeCreateEnv of index.ts because the code doesn’t enable authorization, which allows an attacker to inject and execute arbitrary JavaScript.
github.com/backstage/backstage/commit/657a6a0b8e5301e82703b4f31c6ea6db3bafdaf0
github.com/backstage/backstage/pull/7943
github.com/backstage/backstage/security/advisories/GHSA-w7fj-336r-vw49
github.com/backstage/backstage/tree/master/plugins/auth-backend