Cross-Site Scripting in ids-enterprise
High severity
GitHub Reviewed
Published Jun 13, 2019 to the GitHub Advisory Database • Updated Jan 9, 2023
Reviewed Jun 13, 2019
Description
Versions of ids-enterprise prior to 4.18.2 are vulnerable to Cross-Site Scripting (XSS). Script tags in the soho-autocomplete component are not properly encoded and may allow attackers to execute arbitrary JavaScript.
Recommendation
Upgrade to version 4.18.2 or later
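To confirm that a project no longer resolves to an affected release, the following added example (not part of the advisory or of the ids-enterprise project) scans a parsed npm lockfile for `ids-enterprise` entries prior to 4.18.2, including copies nested under other packages. The function names and the sample lockfile are constructed for illustration.

```javascript
// Added example: flag ids-enterprise installs prior to the fixed release.
const PKG = 'ids-enterprise';
const FIXED = [4, 18, 2]; // first fixed version per the advisory

// Parse "major.minor.patch[-prerelease][+build]" into comparable parts.
function parseVersion(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/
    .exec(String(version).trim());
  return m ? { nums: [+m[1], +m[2], +m[3]], pre: Boolean(m[4]) } : null;
}

// True when the version sorts before 4.18.2. A prerelease of the fixed
// version (e.g. 4.18.2-beta.1) also sorts before it under semver rules.
function isVulnerable(version) {
  const v = parseVersion(version);
  if (!v) return true; // git URL, tag, etc.: report for manual review
  for (let i = 0; i < 3; i++) {
    if (v.nums[i] !== FIXED[i]) return v.nums[i] < FIXED[i];
  }
  return v.pre;
}

// Walk a parsed package-lock.json. lockfileVersion 2/3 lists every install
// under "packages" keyed by node_modules path; lockfileVersion 1 nests
// them under "dependencies". Only one layout is walked to avoid duplicates.
function findVulnerable(lock) {
  const hits = [];
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path.endsWith('node_modules/' + PKG) && isVulnerable(meta.version)) {
        hits.push({ path, version: meta.version });
      }
    }
    return hits;
  }
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = trail + '/' + name;
      if (name === PKG && isVulnerable(meta.version)) {
        hits.push({ path, version: meta.version });
      }
      walk(meta.dependencies, path);
    }
  };
  walk(lock.dependencies, '');
  return hits;
}

// Constructed sample lockfile (not from a real project).
const sampleLock = { lockfileVersion: 3, packages: {
  '': { name: 'demo-app', version: '1.0.0' },
  'node_modules/ids-enterprise': { version: '4.17.0' },
  'node_modules/widget/node_modules/ids-enterprise': { version: '4.18.2' },
} };
console.log(findVulnerable(sampleLock));
```

In a real project, pass `JSON.parse` of the contents of `package-lock.json` to `findVulnerable` and fail the build when the result is non-empty.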