Vulnerability: Cross-Site Scripting (XSS)
Severity: 5.4
Language: JavaScript
Registry: npm


frappe-datatable is vulnerable to Cross-Site Scripting (XSS).

Steps To Reproduce

  1. Open the following CodeSandbox.
  2. Insert the XSS payload into any of the value fields of data in data.js, e.g.: let data = [["Tiger Nixon'<img src=x onerror=alert(1)>",
  3. The XSS payload is executed.
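
A defensive counterpart to the steps above, added here and not taken from the report or from frappe-datatable: HTML-escape every string cell of the data array before it is handed to a grid that renders cell values as HTML. The helper names (escapeHtml, escapeCell, escapeRows) and the sample rows are assumptions constructed for illustration; only the first cell reuses the payload shown in step 2.

```javascript
// Added example (not project code): encode untrusted cell values before rendering.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Encode the five characters that can break out of HTML text or attribute context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Strings are encoded; numbers, booleans, null and undefined pass through untouched
// so that sorting and numeric formatting in the grid keep working.
function escapeCell(cell) {
  return typeof cell === "string" ? escapeHtml(cell) : cell;
}

// Rows may be arrays of values or objects keyed by column name (assumed shapes).
function escapeRows(rows) {
  return rows.map((row) => {
    if (Array.isArray(row)) return row.map(escapeCell);
    if (row !== null && typeof row === "object") {
      return Object.fromEntries(
        Object.entries(row).map(([key, value]) => [key, escapeCell(value)])
      );
    }
    return escapeCell(row);
  });
}

// Constructed sample input standing in for the data array in data.js.
const untrusted = [
  ["Tiger Nixon'<img src=x onerror=alert(1)>", "System Architect", 61],
  { name: "Garrett & Co <b>", office: "Tokyo", age: 63 },
];

const safeRows = escapeRows(untrusted);
console.log(safeRows); // pass safeRows, not untrusted, to the table component
```

If the rendering component already escapes cell content itself, drop this step so values are not encoded twice.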