You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
Cross-Site Scripting in shave
Moderate severity
GitHub Reviewed
Published
May 29, 2019
to the GitHub Advisory Database
•
Updated Jan 9, 2023
Versions of shave prior to 2.5.3 are vulnerable to Cross-Site Scripting. The shave package overwrites HTML elements and in doing so fails to properly encode the output. If encoded HTML input is passed into shave the output will be decoded which may lead to Cross-Site Scripting.
Versions of
shave
prior to 2.5.3 are vulnerable to Cross-Site Scripting. Theshave
package overwrites HTML elements and in doing so fails to properly encode the output. If encoded HTML input is passed intoshave
the output will be decoded which may lead to Cross-Site Scripting.Recommendation
Upgrade to version 2.5.3 or later.
References