Vulnerability: Cross-Site Scripting (XSS)
Severity: 5.4
Language: JavaScript
Registry: npm


ibm-gantt-chart is vulnerable to Cross-Site Scripting (XSS).

Steps To Reproduce

  1. Open
  2. Copy the code from the usage example into a new file, test.html
  3. Use <link href="" rel="stylesheet" /> and <script src=""></script>
  4. Insert the XSS payload in the name field of the data, e.g. name: 'Bethanie"<img src=x onerror=alert(1)>',
  5. Open the test.html file in any browser; the XSS payload will be executed.
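
A consumer-side mitigation for the behaviour reported above, as an added example that is not part of the original report or of the ibm-gantt-chart code base: HTML-escape every string in the chart data before it reaches the component, so the `name` value from step 4 is displayed as text instead of being parsed as markup. The row shape (`id`, `name`, `activities`) and the function names `escapeHtml` and `sanitizeChartData` are assumptions made for illustration.

```javascript
// Added example (hypothetical helper names): neutralise markup in chart data
// before it is handed to a component that inserts field values as HTML.

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;',
  '"': '&quot;', "'": '&#39;', '`': '&#96;',
};

// Escape the characters that can open a tag, close an attribute, or start an entity.
function escapeHtml(value) {
  return String(value).replace(/[&<>"'`]/g, (ch) => HTML_ESCAPES[ch]);
}

// Return a deep copy of the data with every string value escaped.
// Keys, numbers, booleans, null and Date values are preserved; the input is not mutated.
function sanitizeChartData(node) {
  if (typeof node === 'string') return escapeHtml(node);
  if (Array.isArray(node)) return node.map(sanitizeChartData);
  if (node instanceof Date) return new Date(node.getTime());
  if (node !== null && typeof node === 'object') {
    const out = {};
    for (const [key, val] of Object.entries(node)) {
      out[key] = sanitizeChartData(val);
    }
    return out;
  }
  return node;
}

// Constructed sample data; the first name is the value from step 4 of the report.
const untrustedRows = [
  {
    id: 'r1',
    name: 'Bethanie"<img src=x onerror=alert(1)>',
    activities: [
      { id: 'a1', name: '<b>Task</b>', start: 1700000000000, end: 1700003600000 },
    ],
  },
];

const safeRows = sanitizeChartData(untrustedRows);
console.log(safeRows[0].name);
```

Escaping at the data boundary only helps while the component inserts these fields as HTML; a version that renders them as text would show the entities literally, so remove the wrapper once a fixed release is in use.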