Vulnerability: Cross-Site Scripting (XSS)
Severity: 5.4
Language: JavaScript
Registry: npm


frappe-charts is vulnerable to Cross-Site Scripting (XSS).

Steps To Reproduce

  1. Open the NPM repo
  2. Open the Explore demos
  3. At the bottom find the sandbox Ref:
  4. Use the payload "><img/&#09;&#10;&#11; src=~onerror=alert('XSS')> and place it in name: "Some Data'><img/ � src=~ onerror=alert(document.domain)>",
  5. The XSS payload is executed.
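
Caller-side mitigation, as an added example that is not part of the original report or of frappe-charts: encode every display string in the chart data before handing it to the chart. The helper names escapeHtml and sanitizeChartData are hypothetical, the sample input is constructed from the dataset name in step 4, and the example assumes the chart writes these strings into HTML.

```javascript
// Added example: harden chart data built from untrusted input.
// The data shape (labels, datasets[].name, datasets[].values) follows the
// `name:` field used in the reproduction steps. sanitizeChartData is a
// hypothetical helper, not a frappe-charts API.

const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
  "`": "&#96;",
};

// Encode characters that can open a tag, break out of an attribute or start an entity.
function escapeHtml(value) {
  return String(value).replace(/[&<>"'`]/g, (ch) => HTML_ESCAPES[ch]);
}

// Return a copy of the chart data with display strings encoded and values
// coerced to finite numbers, so no field can carry markup.
function sanitizeChartData(data) {
  return {
    labels: (data.labels || []).map(escapeHtml),
    datasets: (data.datasets || []).map((ds) => ({
      ...ds,
      name: escapeHtml(ds.name ?? ""),
      values: (ds.values || []).map((v) => {
        const n = Number(v);
        return Number.isFinite(n) ? n : 0;
      }),
    })),
  };
}

// Constructed sample input: dataset name taken from step 4 (garbled character omitted).
const untrusted = {
  labels: ["Jan", "<b>Feb</b>"],
  datasets: [
    { name: "Some Data'><img/ src=~ onerror=alert(document.domain)>", values: [1, "2", "x"] },
  ],
};

const safe = sanitizeChartData(untrusted);
console.log(safe.datasets[0].name);
```

If the installed frappe-charts version already encodes these fields itself, drop the caller-side escaping so the text is not double-encoded.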