Cross-Site Scripting in ids-enterprise

Versions of ids-enterprise prior to 4.18.2 are vulnerable to Cross-Site Scripting (XSS). The modal component fails to sanitize input to the title attribute, which may allow attackers to execute arbitrary JavaScript.

Recommendation

Upgrade to version 4.18.2 or later

References

Reviewed Jun 13, 2019

Published to the GitHub Advisory Database Jun 13, 2019

Last updated Jan 9, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Package

Affected versions

Patched versions

Description

Recommendation

References

Severity

Weaknesses

CVE ID

GHSA ID

Source code