WavesGUI icon indicating copy to clipboard operation
WavesGUI copied to clipboard
verified publisher icon wavesplatform

[SECURITY BUG] Cross-site Scripting (XSS) # 2

Open larrycameron80 opened this issue 6 years ago • 1 comments

Cross-site Scripting (XSS) Vulnerable module: angular Introduced through: [email protected] Detailed paths Introduced through: waves-client@wavesplatform/WavesGUI#c5cd912aefa6bd3f84a6267f25a2debce0434afa › [email protected] Remediation: Upgrade to [email protected]. Overview angular is a package that lets you write client-side web applications as if you had a smarter browser. It also lets you use HTML as your template language and lets you extend HTML’s syntax to express your application’s components clearly and succinctly.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through SVG files if enableSvg is set.

larrycameron80 avatar Sep 17 '19 03:09 larrycameron80

Thanks for issue, we will check the code and update angular if necessary.

vba2000 avatar Sep 17 '19 07:09 vba2000