Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cross-site Scripting (XSS)
Vulnerability Description
This affects the package vis-timeline before 7.4.4. An attacker with the ability to control the items of a Timeline element can inject additional script code into the generated application.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L
Vulnerability Type
N/A
Vulnerability Title
Visjs Vis-timeline 跨站脚本漏洞
Vulnerability Description
Visjs Vis-timeline是埃及Visjs社区的一款基于 Javascript 用于生成2D交互式时间轴的代码库。支持通过在时间轴中拖动和滚动来自由移动和缩放时间轴。可以在时间轴中创建,编辑和删除项目。轴上的时间刻度是自动调整的,并且支持的刻度范围从毫秒到年。 vis-timeline before 7.4.4 存在安全漏洞,攻击者可利用该漏洞可以向生成的应用程序注入额外的脚本代码。
CVSS Information
N/A
Vulnerability Type
N/A