Cross-Site Scripting in ids-enterprise
High severity
GitHub Reviewed
Published Jun 13, 2019 to the GitHub Advisory Database • Updated Jan 9, 2023
Versions of ids-enterprise prior to 4.18.2 are vulnerable to Cross-Site Scripting (XSS). The soho-dropdown component does not properly encode its output and may allow attackers to execute arbitrary JavaScript.
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Recommendation
Upgrade to version 4.18.2 or later