Due Date: 2023-01-10
A medium severity vulnerability has been discovered in your project.
Project Name: kondukto-ui-vue
Scanner Name: dependabot
Cwe ID: 79
Cwe Name: Improper Neutralization of Input During Web Page Generation (Cross Site Scripting)
Cwe Link: https://cwe.mitre.org/data/definitions/79.html
File: package-lock.json
Packages:
References:
Training(Secure Code Warrior):
Name: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Description: The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Link: https://portal.securecodewarrior.com/?utm_source=partner-integration:kondukto#/contextual-microlearning/web/xss
Videos:
Name: Improper Encoding or Escaping of Output
Description: The software prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.
Link: https://portal.securecodewarrior.com/?utm_source=partner-integration:kondukto#/contextual-microlearning/web/injection
Videos:
Name: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Description: The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.
Link: https://portal.securecodewarrior.com/?utm_source=partner-integration:kondukto#/contextual-microlearning/web/xss
Videos:
Tool Description:
### Summary
Cross-Site Scripting in serialize-javascript
Fixed Patch: 2.1.1
Versions of serialize-javascript prior to 2.1.1 are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize serialized regular expressions. This vulnerability does not affect Node.js applications.
Recommendation
Upgrade to version 2.1.1 or later.
Kondukto Link: https://82.kondukto.local/projects/63b2e875fcd0c2a01b845757/vulns/appsec?page=1&perPage=15&id=in:63bbc8a5b3a8a9664878e6fe
Deeplink: https://github.com/advisories/GHSA-h9rv-jmmf-4pgx