CVE-2023-41049, GHSA-vp4f-wxgw-7x8x
npm/@dcl/single-sign-on-client
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
@dcl/single-sign-on-client is an open source npm library which deals with single sign on authentication flows. Improper input validation in the init
function allows arbitrary javascript to be executed using the javascript:
prefix. This vulnerability has been patched on version 0.1.0
. Users are advised to upgrade. Users unable to upgrade should limit untrusted user input to the init
function.
All versions before 0.1.0
Upgrade to version 0.1.0 or above.
2023-09-05
source |