Mesh Connect JS SDK Vulnerable to Cross Site Scripting via createLink.openLink
The lack of sanitization of URLs protocols in the createLink.openLink function enables the execution of arbitrary JavaScript code within the context of the parent page.
Advisories for Npm/@Meshconnect/Web-Link-Sdk package
2025