Vulnerability CVE-2020-28487
Published: 2021-01-22

Description:
This affects the package vis-timeline before 7.4.4.
An attacker with the ability to control the items of a Timeline element can inject additional script code into the generated application.

 References:
https://github.com/visjs/vis-timeline/issues/838
https://github.com/visjs/vis-timeline/pull/840
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBVISJS-1063502
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1063501
https://snyk.io/vuln/SNYK-JS-VISTIMELINE-1063500
Copyright 2024, cxsecurity.com

 

Back to Top