code-server is vulnerable to cross-site scripting. The vulnerability exists because the errorHandler
function of errors.ts
does not properly escape the err.message
property, allowing an attacker to inject and execute malicious javascript
CPE | Name | Operator | Version |
---|---|---|---|
code-server | le | 3.12.0 | |
code-server | le | 3.12.0 |