npm

Severity: high

DOM-based XSS

gmail-js

Overview

Affected versions of gmail-js are vulnerable to cross-site scripting in the tools.parse_response, helper.get.visible_emails_post, and helper.get.email_data_post functions, which pass user input directly into the Function constructor.

Remediation

Update to version 0.6.5 or later.
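The pattern named in the overview, as an added example that is not gmail-js source and does not describe how 0.6.5 fixed it: response text handed to the Function constructor is executed, while a data-only parser rejects it. The function names and both sample inputs are hypothetical and constructed for this illustration.

```javascript
// Added illustration. Function names and sample inputs are hypothetical
// and constructed; this is not code from gmail-js.

// Vulnerable pattern: the response text becomes the body of a new function,
// so any expression inside it is evaluated, not just parsed.
function parseWithFunctionConstructor(text) {
  return new Function("return " + text)();
}

// Hardened pattern: JSON.parse only builds data and throws on anything else.
function parseAsData(text) {
  try {
    return { ok: true, value: JSON.parse(text) };
  } catch (err) {
    return { ok: false, error: err.name };
  }
}

// Constructed inputs. The second carries a harmless side effect (it sets a
// flag) so that code execution becomes observable.
const benign = '[["msg-1","Hello"],["msg-2","Re: Hello"]]';
const hostile = '[["msg-1",(globalThis.__executed = true, "Hello")]]';

function demo() {
  globalThis.__executed = false;
  const unsafeResult = parseWithFunctionConstructor(hostile);
  const ranViaFunction = globalThis.__executed; // expression was evaluated

  globalThis.__executed = false;
  const safeResult = parseAsData(hostile);
  const ranViaJson = globalThis.__executed; // parser refused the input

  return {
    unsafeResult,
    ranViaFunction,
    safeResult,
    ranViaJson,
    benignResult: parseAsData(benign),
  };
}

console.log(demo());
```

The unsafe parser returns an ordinary-looking array for the hostile input, so the caller has no sign that code ran; the data-only parser fails closed instead.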

Advisory timeline

  1. published

    Advisory published
    Jul 21st, 2016
  2. reported

    Initial report by Gursev Singh Kalra
    Jul 21st, 2016