0.001 Low
EPSS
Percentile
27.3%
eta is vulnerable to Cross-site Scripting (XSS). The vulnerability exists in file-handlers.ts due to improper user-input sanitization from the Express API allowing an attacker to inject and execute malicious JavaScript.
file-handlers.ts
github.com/advisories/GHSA-xrh7-m5pp-39r6
github.com/eta-dev/eta/commit/5651392462ee0ff19d77c8481081a99e5b9138dd
github.com/eta-dev/eta/pull/214
github.com/eta-dev/eta/releases/tag/v2.0.0
github.com/eta-dev/eta/security/advisories/GHSA-xrh7-m5pp-39r6