CVE-2021-29438

Cross-site Scripting in npm/@nextcloud/dialogs

Identifiers

CVE-2021-29438, GHSA-g3fq-3v3g-mh32

Package Slug

npm/@nextcloud/dialogs

Vulnerability

Cross-site Scripting

Description

The Nextcloud dialogs library insufficiently escaped text input passed to a toast. If your application displays toasts with user-supplied input, this could lead to an XSS vulnerability. The vulnerability has been patched. If you need to display HTML in the toast, explicitly pass the options.isHTML config flag.
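
The following is an added example, not code from @nextcloud/dialogs: a simplified model of a toast renderer that contrasts unescaped insertion with escape-by-default plus an explicit isHTML opt-in. All function names are hypothetical and the sample input is constructed; only the isHTML option name comes from the advisory.

```javascript
// Simplified model of a toast renderer; NOT the @nextcloud/dialogs source.
// Function names are hypothetical. Only the `isHTML` option name is from the advisory.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape the five characters that can change the HTML parsing context.
function escapeHTML(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Assumed model of the flaw: toast text is placed into markup without escaping.
function renderToastUnsafe(text) {
  return `<div class="toast">${text}</div>`;
}

// Escape by default; raw markup is accepted only when isHTML is exactly true.
function renderToast(text, options = {}) {
  const body = options.isHTML === true ? String(text) : escapeHTML(text);
  return `<div class="toast">${body}</div>`;
}

// Caller pattern when markup is needed: trusted template, escaped user value.
function renameToast(userSuppliedName) {
  const html = `Renamed to <strong>${escapeHTML(userSuppliedName)}</strong>`;
  return renderToast(html, { isHTML: true });
}

// Constructed sample input: a file name chosen by another user.
const sample = '<img src=x onerror=alert(1)>.txt';

console.log(renderToastUnsafe(sample)); // user input is parsed as markup
console.log(renderToast(sample));       // user input is rendered as inert text
console.log(renameToast(sample));       // only the trusted <strong> is markup
```

With isHTML set, escaping becomes the caller's job, so every user-controlled value interpolated into the message still has to be escaped or sanitized before it is passed in.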

Affected Versions

All versions before 3.1.2

Solution

Upgrade to version 3.1.2 or above.

Last Modified

2021-04-30
