Advisories for Npm/@Dcl/Single-Sign-on-Client package

2023

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

@dcl/single-sign-on-client is an open source npm library which deals with single sign on authentication flows. Improper input validation in the init function allows arbitrary javascript to be executed using the javascript: prefix. This vulnerability has been patched on version 0.1.0. Users are advised to upgrade. Users unable to upgrade should limit untrusted user input to the init function.