Cross-Site Scripting in google-closure-library
Moderate severity
GitHub Reviewed
Published
Sep 2, 2020
to the GitHub Advisory Database
•
Updated Jan 9, 2023
Description
Reviewed
Aug 31, 2020
Published to the GitHub Advisory Database
Sep 2, 2020
Last updated
Jan 9, 2023
Versions of
google-closure-library
prior to 20190301.0.0 are vulnerable to Cross-Site Scripting. Thesafedomtreeprocessor.processToString()
function improperly processed empty elements, which could allow attackers to execute arbitrary JavaScript through Mutation Cross-Site Scripting.Recommendation
Upgrade to version 20190301.0.0 or later.
References