
Cross-Site Scripting (XSS) in ibm-gantt-chart


Description

ibm-gantt-chart is vulnerable to Cross-Site Scripting (XSS).

Steps To Reproduce

  1. Open https://www.npmjs.com/package/ibm-gantt-chart
  2. Copy the code from the usage example and make a test.html https://www.npmjs.com/package/ibm-gantt-chart#usage
  3. And use <link href="https://unpkg.com/ibm-gantt-chart@0.5.9/dist/ibm-gantt-chart.css" rel="stylesheet" /> and <script src="https://unpkg.com/ibm-gantt-chart@0.5.9/dist/ibm-gantt-chart.js"></script>
  4. Insert the XSS payload in the name field in data, e.g.: name: 'Bethanie"<img src=x onerror=alert(1)>',
  5. Open the test.html file in any browser; the XSS payload will get executed.
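The issue's step 4 works because the task name ends up in the page as markup rather than as text. As an added example, not code from ibm-gantt-chart or from the issue, here is a hypothetical task-label renderer written in the unsafe interpolation pattern beside its escaped form, checked against the payload from step 4:

```javascript
// Added example (hypothetical renderer, not ibm-gantt-chart's own code):
// rendering an untrusted task name safely into HTML.

// Escape the five characters that can change HTML or attribute context.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Unsafe pattern: the name is interpolated raw into markup that is later
// assigned via innerHTML, so a quote or '<' in the name becomes structure.
function renderTaskUnsafe(task) {
  return `<div class="task" title="${task.name}">${task.name}</div>`;
}

// Hardened pattern: every untrusted value is escaped before interpolation,
// both in attribute context (title) and in element content.
function renderTaskSafe(task) {
  const name = escapeHtml(task.name);
  return `<div class="task" title="${name}">${name}</div>`;
}

// Constructed sample task using the payload quoted in step 4 of the issue.
const sampleTask = { id: 1, name: 'Bethanie"<img src=x onerror=alert(1)>' };

// Regression check a reviewer can keep in a test suite: the rendered string
// must not contain an element the input was never allowed to create.
function introducesMarkup(html) {
  return /<img\b/i.test(html);
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log('unsafe:', renderTaskUnsafe(sampleTask));
  console.log('safe:  ', renderTaskSafe(sampleTask));
}
```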

Issue Analytics

  • State: closed
  • Created 3 years ago
  • Reactions: 1
  • Comments: 8 (4 by maintainers)

Top GitHub Comments

1 reaction
JamieSlome commented, Sep 15, 2021

@delhoume - this technology is no longer supported.

I will manually open the PR for you!

1 reaction
delhoume commented, Sep 15, 2021

@huntr-helper - LGTM in 418sec#1

