npm

Severity: high

Cross-Site Scripting

fuelux

Overview

Affected versions of fuelux contain a cross-site scripting vulnerability in the Pillbox feature. By supplying a script as a value for a new pillbox, it is possible to cause arbitrary script execution.

Remediation

Update to version 3.15.7 or later.

Have content suggestions? Send them to [email protected]

Advisory timeline

  1. published

    Advisory published
    Jul 25th, 2016
  2. reported

    Initial report by Keenan Jaenicke
    Jul 25th, 2016