Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

WS-2017-0130

Good to know:

icon
icon

Date: November 29, 2016

Affected versions of the knockout package are vulnerable to Cross-site Scripting (XSS).

Language: JS

Severity Score

Related Resources (3)

https://github.com/hapijs/podium/pull/17
https://github.com/knockout/knockout/pull/1022
https://www.mend.io/vulnerability-database/WS-2017-0130

Severity Score

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

Top Fix

icon

Upgrade Version

Upgrade to version XSockets.Sample.WebRTC - 0.7.1;UmbracoCms - 6.0.7;UmbracoCms - 6.1.2;UmbracoCms - 4.11.10;UmbracoCms - 7.0.0-RC;pscheit/psc-cms-js - dev-master;pscheit/psc-cms-js - 1.5.0-alpha;pscheit/psc-cms-js - 1.1.1;pscheit/psc-cms-js - 1.2.1;LearnHTML5 - no_fix;nasermekky/fastdashbord - no_fix;nasermekky/fastdashbord - 1.0;knockoutjs - 3.0.0;knockoutjs - 2.2.0;cucumberjs-specrunner - no_fix;HPOC - no_fix;hexmedia/knockout-bootstrap - no_fix;octopus - no_fix;Zephyr.Web - no_fix;Breeze.WebApiSample - 1.1.3;ProofOfConcept - no_fix;XSockets.Tutorials - no_fix;abao-MyPackage - no_fix;Shared.Test.Package - 1.0.3;nasermekky/fast-dashboard - 1.6.14;nasermekky/fast-dashboard - 1.6.18;EfficentDurandalFrameWork - no_fix;reginaldojunior/winners - v0.1.1-beta;SP.Orchard - no_fix;fmccoy/a360-core - dev-develop;dev-temp/plugins - no_fix;Humana - no_fix;jQWidgets_Framework - 6.0.6;jQWidgets_Framework - 8.0.0;maoyuanMvcKendoJsLib - no_fix;OpenWaves.EPiServer.BrightcoveVideoCloudProperty - no_fix;matidev/matiwp-types - no_fix;Breeze.MVC4WebApiClientSample - no_fix;POC - no_fix;Lind.DDD.Manager - no_fix;seqan - no_fix;seqan-library - no_fix;phpanonymous/it - no_fix;MVCForum - no_fix;knockout-bootstrap - no_fix;ap.Web - no_fix;Composite.WindowsAzure.Management - no_fix;EasyFurion - no_fix;NewHotTowel - no_fix;SEFDataService - no_fix;mead_steve/behationary - no_fix;BizagiModelerTest - no_fix;nasermekky/it - no_fix;nasermekky/it - 1.0;Saltarelle.Knockout - 1.6.3;MyMvc4WejDemo - no_fix;Project.CommonBackground - no_fix;pscheit/serien-loader-client - no_fix;CaregiverDomain - no_fix;knockout - 3.0.0;CarSystem - 2.0.1-alpha;MvcMusicStore - no_fix;DCB - no_fix;Knockout.MVC - no_fix;SFS-Shell-Web-Mvc-Compiled - 1.0.0.51;XSockets.Sample.StockTicker - no_fix;Lind.DDD.NewManager - no_fix;BizagiModeler - no_fix;GoiCuaVinh - no_fix;WebProject - no_fix;CaregiverPOC - no_fix;OpenWaves.EPiServer.TagsProperty - no_fix;matidev/types - no_fix;org.webjars.npm:knockout-bootstrap:no_fix;org.webjars:knockout:3.0.0;org.webjars.bower:knockoutjs:3.2.0;org.webjars.bower:pagerjs:no_fix

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): NONE
Availability (A): NONE

Do you need more information?

Contact Us