Open mend-bolt-for-github[bot] opened 8 months ago
Use of vulnerable components will introduce weaknesses into the application. Components with published vulnerabilities will allow easy exploitation as resources will often be available to automate the process.
Cross-site scripting vulnerabilities occur when unescaped input is rendered into a page displayed to the user. When HTML or script is included in the input, it will be processed by a user's browser as HTML or script and can alter the appearance of the page or execute malicious scripts in their user context.
WS-2017-0268 - Medium Severity Vulnerability
Vulnerable Library - angular-v1.3.0
Path to dependency file: /rekall-gui/manuskript/static/bower.json
Path to vulnerable library: /rekall-gui/manuskript/static/bower_components/angular/.bower.json
Dependency Hierarchy: - :x: **angular-v1.3.0** (Vulnerable Library)
Found in base branch: rvmi
Vulnerability Details
Both Firefox and Safari are vulnerable to XSS if we use an inert document created via `document.implementation.createHTMLDocument()`.
Publish Date: 2017-05-25
URL: WS-2017-0268
CVSS 3 Score Details (4.7)
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Changed - Impact Metrics: - Confidentiality Impact: Low - Integrity Impact: None - Availability Impact: None
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Release Date: 2017-05-25
Fix Resolution: 1.6.5
Step up your Open Source Security Game with Mend here