eslint-detailed-reporter is vulnerable to Cross-site Scripting (XSS). The vulnerability exists in renderIssue
function in template-generator.js
because the issue message is not properly escaped when rendering issues which allows an attacker to inject and execute arbitrary JavaScript.
CPE | Name | Operator | Version |
---|---|---|---|
eslint-detailed-reporter | le | 0.9.0 | |
eslint-detailed-reporter | le | 0.9.0 |