Impact
Improper input validation in the init
function allows arbitrary javascript to be executed using the javascript:
prefix
SSO.init('javascript:alert("javascript successfully injected")')
Patches
This vulnerability was patched on version 0.1.0
Workarounds
This vulnerability can be prevented if user input correctly sanitized or there is no user input pass to the init
function
Impact
Improper input validation in the
init
function allows arbitrary javascript to be executed using thejavascript:
prefixPatches
This vulnerability was patched on version
0.1.0
Workarounds
This vulnerability can be prevented if user input correctly sanitized or there is no user input pass to the
init
function