Advisories for Npm/Mapbox.js package

2017

Cross-site Scripting

Mapbox is vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios via TileJSON Name.

Cross-site Scripting

Mapbox is vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios via TileJSON name and map share control

2016

Content Injection via TileJSON Name

Mapbox.js is vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios.

2015

Content Injection via TileJSON attribute

Mapbox.js is vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios.