fullpage.js is vulnerable to cross-site scripting. Lack of sanitization of anchor URL before putting it in anchor href in alvarotrigo/fullpage.js
allows an attacker to inject malicious javascript.
CPE | Name | Operator | Version |
---|---|---|---|
fullpage.js | le | 3.1.2 | |
fullpage.js | le | 4.0.5 | |
fullpage.js | le | 3.1.2 | |
fullpage.js | le | 4.0.4 |