Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

WS-2016-0046

Good to know:

icon
icon

Date: July 7, 2016

There exists a cross site scripting (XSS) vulnerability in the Pillbox feature of FuelUX. By supplying a script as a value for a new pillbox, it is possible to cause arbitrary script execution.

Language: JS

Severity Score

Related Resources (2)

https://github.com/ExactTarget/fuelux/issues/1841
https://www.mend.io/vulnerability-database/WS-2016-0046

Severity Score

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

Top Fix

icon

Upgrade Version

Upgrade to version ns/ace-bundle - 5.0.30;ns/ace-bundle - no_fix;ns/ace-bundle - 3.0.1;ns/ace-bundle - 3.1.0;ns/ace-bundle - 1.5.1;ns/ace-bundle - 5.0.25;ns/ace-bundle - 3.1.1;ns/ace-bundle - 0.9.0;ns/ace-bundle - 4.0.0;ns/ace-bundle - 5.0.27;ns/ace-bundle - 5.0.23;ns/ace-bundle - 4.0.1;ns/ace-bundle - 5.0.47;ns/ace-bundle - 5.0.54;ns/ace-bundle - 5.0.49;ns/ace-bundle - 2.0.1;ns/ace-bundle - 3.1.37;opencontent/openpa_theme_2014-ls - 2.0;opencontent/openpa_theme_2014-ls - 2.14.1;opencontent/openpa_theme_2014-ls - no_fix;opencontent/openpa_theme_2014-ls - 2.16.0;opencontent/openpa_theme_2014-ls - 1.1;waxis/form - v1.0.1;yiizh/yii2-fuelux - no_fix;pterodactyl/panel - v0.6.0-beta.1;dywee/core-bundle - no_fix;sonlabs/php-paypal - no_fix;xemware/yii2-fuelux - no_fix;fuelux - 3.15.7;hakoncms/hakoncms - no_fix;org.webjars:fuelux:no_fix;org.webjars.bower:fuelux:3.14.2;org.webjars.npm:fuelux:no_fix

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): NONE
Availability (A): NONE

Do you need more information?

Contact Us