CVE-2020-15092, GHSA-2jpm-827p-j44g
npm/@knight-lab/timelinejs
Cross-site Scripting
In TimelineJS, some user data is rendered as HTML. An attacker could carry out an XSS attack by placing maliciously crafted content in a number of data fields. This risk is present whether the source data for the timeline is stored on Google Sheets or in a JSON configuration file.
All versions before 3.7.0
Upgrade to version 3.7.0 or above.
2020-07-30