Skip to content
This repository has been archived by the owner on Jul 30, 2021. It is now read-only.

Stored Cross Site Scripting (XSS)

High
puncsky published GHSA-jc3v-h36h-6mx3 Nov 10, 2020

Package

No package listed

Affected versions

1.1.0

Patched versions

2.0

Description

Impact

The vulnerability allows an attacker to send malicious JavaScript code which could result in hijacking of the user's cookie/session tokens , redirecting the user to a malicious webpage and performing unintended browser action.

Patches

The vulnerability will be patched in version 2.0.

Workarounds

Update to Version 2.0

References

https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS)

Severity

High

CVE ID

CVE-2020-26221

Weaknesses

No CWEs