
Several XSS vulnerabilities in stacktable.js

High
tgifford-webfirst published GHSA-r9j3-hgxr-75xg Jun 21, 2019

Package

stacktable.js (npm)

Affected versions

< 1.0.4

Patched versions

1.0.4

Description

Impact

This is an XSS vulnerability, so the impact is high, but see Workarounds below.

Patches

Upgrade to version 1.0.4.

Workarounds

This vulnerability results from improper construction of HTML in JavaScript based on existing elements, i.e. DOM-based XSS. If the content being manipulated by stacktable.js is trusted, this vulnerability is not likely to be exploited.
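The bug class described above, shown as an added example that is not stacktable.js's own code and not the 1.0.4 patch: text read from existing table cells is concatenated into a new HTML string, next to a hardened builder that re-encodes it. The function names, the sample cell values and the assumption that cell content is read as decoded text are all hypothetical.

```javascript
// Constructed sample input: the *decoded* text of one header cell and one data
// cell, as a script would read it from existing elements (e.g. textContent).
// The page's own HTML held the second value escaped (&lt;img ...&gt;), so it
// was displayed as inert text before any script touched it.
const headerText = "Name";
const cellText = '<img src=x onerror="alert(1)">';

// Vulnerable pattern: decoded text is concatenated straight into markup, so the
// browser parses it as HTML again when the string is inserted into the page.
function buildRowUnsafe(header, value) {
  return "<tr><th>" + header + "</th><td>" + value + "</td></tr>";
}

// Re-encode HTML metacharacters before text is placed in a markup string.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hardened pattern: same structure, but every value taken from the DOM is
// treated as text, not as markup.
function buildRowSafe(header, value) {
  return "<tr><th>" + escapeHtml(header) + "</th><td>" + escapeHtml(value) + "</td></tr>";
}

// Check usable in a unit test: list the tag names in a generated fragment that
// the builder itself was never supposed to emit.
function unexpectedTags(html, allowed = ["tr", "th", "td"]) {
  const names = (html.match(/<\/?[a-zA-Z][a-zA-Z0-9]*/g) || [])
    .map((t) => t.replace(/^<\/?/, "").toLowerCase());
  return [...new Set(names)].filter((n) => !allowed.includes(n));
}

console.log(unexpectedTags(buildRowUnsafe(headerText, cellText)));
console.log(unexpectedTags(buildRowSafe(headerText, cellText)));
console.log(buildRowSafe(headerText, cellText));
```

In browser code, building the elements with `document.createElement` and assigning cell values through `textContent` avoids the string-building step altogether.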

Credits

Reported by: Ted Gifford (WebFirst, Inc.)
Fixed by: Ted Gifford (WebFirst, Inc.)

Severity

High

CVE ID

No known CVE

Weaknesses

No CWEs