npm

Severity: moderate

Cross-Site Scripting

harp

Overview

All versions of harp are vulnerable to Cross-Site Scripting. Due to misconfiguration of its rendering engine, harp does not sanitize the HTML output allowing attackers to run arbitrary JavaScript when processing malicious files.

Remediation

No fix is currently available. Consider using an alternative module until a fix is made available.

Resources

Have content suggestions? Send them to [email protected]

Advisory timeline

  1. published

    Advisory Published
    Apr 8th, 2019
  2. reported

    Reported by skyn3t
    Apr 8th, 2019