forms

Cross-Site Scripting

Severity: moderate

Overview

Affected versions of forms do not properly escape HTML in generated forms, which may result in cross-site scripting.

Remediation

Update to version 1.3.0 or later.

Vulnerable versions

0.1.1
6 years ago
0.1.0
6 years ago
0.1.2
6 years ago
0.1.3
6 years ago
0.1.4
6 years ago
0.2.0
5 years ago
0.2.1
5 years ago
0.2.2
5 years ago
0.2.3
5 years ago
0.3.0
5 years ago
0.4.0
4 years ago
0.4.1
4 years ago
0.5.0
4 years ago
0.6.0
4 years ago
0.7.0
4 years ago
0.8.0
4 years ago
0.8.1
4 years ago
0.9.0
4 years ago
0.9.1
4 years ago
0.9.2
4 years ago
0.9.3
4 years ago
0.9.4
4 years ago
0.9.5
4 years ago
0.9.6
4 years ago
0.10.0
4 years ago
1.0.0
4 years ago
1.1.0
4 years ago
1.1.1
4 years ago
1.1.3
3 years ago
1.1.4
3 years ago
1.2.0
2 years ago

Unaffected versions

1.3.0
2 years ago

Resources

Advisory timeline

  1. Published

    Advisory published
    Apr 11th, 2017
  2. Reported

    Initial report by Jordan Harband
    Nov 16th, 2016