RSS   Vulnerabilities for 'Tempura'   RSS

2021-11-03
 
CVE-2021-23784

CWE-79
 

 
This affects the package tempura before 0.4.0. If the input to the esc function is of type object (i.e an array) it is returned without being escaped/sanitized, leading to a potential Cross-Site Scripting vulnerability.

 


Copyright 2024, cxsecurity.com

 

Back to Top