CVE-2020-15092

Cross-site Scripting in npm/@knight-lab/timelinejs

Identifiers

CVE-2020-15092, GHSA-2jpm-827p-j44g

Package Slug

npm/@knight-lab/timelinejs

Vulnerability

Cross-site Scripting

Description

In TimelineJS, some user data renders as HTML. An attacker could implement an XSS exploit with maliciously crafted content in a number of data fields. This risk is present whether the source data for the timeline is stored on Google Sheets or in a JSON configuration file.

Affected Versions

All versions before 3.7.0

Solution

Upgrade to version 3.7.0 or above.

Last Modified

2020-07-30
