You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Use of vulnerable components will introduce weaknesses into the application. Components with published vulnerabilities will allow easy exploitation as resources will often be available to automate the process.
Cross-site scripting vulnerabilities occur when unescaped input is rendered into a page displayed to the user. When HTML or script is included in the input, it will be processed by a user's browser as HTML or script and can alter the appearance of the page or execute malicious scripts in their user context.
OWASP Cross Site Scripting (XSS) Software Attack - OWASP community page with comprehensive information about cross site scripting, and links to various OWASP resources to help detect or prevent it.
WS-2017-0268 - Medium Severity Vulnerability
Vulnerable Library - angular-v1.3.0
Path to dependency file: /rekall-gui/manuskript/static/bower.json
Path to vulnerable library: /rekall-gui/manuskript/static/bower_components/angular/.bower.json
Dependency Hierarchy:
Found in base branch: win10_compressed_memory
Vulnerability Details
Both Firefox and Safari are vulnerable to XSS if we use an inert document created via
document.implementation.createHTMLDocument()
.Publish Date: 2017-05-25
URL: WS-2017-0268
CVSS 3 Score Details (4.7)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Release Date: 2017-05-25
Fix Resolution: 1.6.5
Step up your Open Source Security Game with Mend here
The text was updated successfully, but these errors were encountered: