Cross-Site Scripting in md-data-table
High severity
GitHub Reviewed
Published
Sep 1, 2020
to the GitHub Advisory Database
•
Updated Jan 9, 2023
Description
Reviewed
Aug 31, 2020
Published to the GitHub Advisory Database
Sep 1, 2020
Last updated
Jan 9, 2023
All versions of
md-data-table
are vulnerable to cross-site scripting (XSS). This vulnerability is exploitable if an attacker has control over data that is rendered bymdt-row
Recommendation
As there is no fix for this vulnerability at this time we recommend either selecting another package to perform this functionality or properly sanitizing all user data prior to rendering with
md-data-table
References