CVE-2021-29438, GHSA-g3fq-3v3g-mh32
npm/@nextcloud/dialogs
Cross-site Scripting
The Nextcloud dialogs library insufficiently escaped text input passed to a toast. If your application displays toasts with user-supplied input, this could lead to a XSS vulnerability. The vulnerability has been patched If you need to display HTML in the toast, explicitly pass the options.isHTML
config flag.
All versions before 3.1.2
Upgrade to version 3.1.2 or above.
2021-04-30
source |