You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
Cross-Site Scripting in @risingstack/protect
Moderate severity
GitHub Reviewed
Published
Apr 25, 2018
to the GitHub Advisory Database
•
Updated Jan 9, 2023
All versions of @risingstack/protect are vulnerable to Cross-Site Scripting. The isXss() XSS validator has several bypasses that may allow attackers to execute arbitrary JavaScript in a victim's browser.
Recommendation
No fix is currently available. Consider using an alternative package. The package is not actively maintained and will not be patched.
All versions of
@risingstack/protect
are vulnerable to Cross-Site Scripting. TheisXss()
XSS validator has several bypasses that may allow attackers to execute arbitrary JavaScript in a victim's browser.Recommendation
No fix is currently available. Consider using an alternative package. The package is not actively maintained and will not be patched.
References