Cross-site Scripting (XSS)
Affecting morris.js package, versions <=0.5.0
morris.js is a very simple API for drawing line, bar, area and donut charts.
Affected versions of this package are vulnerable to Cross-site Scripting (XSS) attacks. The row label is concatenated without filter and could contain any value.
There is no fix version for
morris.js. A pull request with a fix has been merged on GitHub, but not published to npm.
Do your applications use this vulnerable package?
- Jelte Fennema
- Snyk ID
- 17 Jul, 2014
- 16 Apr, 2017